Description
Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An inappropriate implementation in the File Input component of Google Chrome before version 150.0.7871.47 allows a remote attacker to perform UI spoofing by delivering a crafted HTML page. The flaw does not provide code execution or data exfiltration, but it enables the attacker to trick a user into interacting with a counterfeit user interface that may appear to come from a trusted source. The Chromium security team rated this as low severity, indicating limited direct damage beyond misleading users. The vulnerability is exploited solely through a malicious webpage viewed in the victim’s browser, so it requires social engineering to trigger.

Affected Systems

All installations of Google Chrome with a version older than 150.0.7871.47 are affected. This includes the stable, beta, dev, and canary channels prior to any update that includes the fixed 150.0.7871.47 build. No other operating systems or browser brands are cited as impacted.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting that it is not currently a high‑profile target. The CVSS score is not published in the available data, but the low severity rating and lack of exploitation reports imply a modest risk profile. An attacker must first entice a user to visit a malicious webpage with a crafted file input, and then rely on user interaction with the spoofed UI to achieve the desired misdirection. Given these prerequisites, the overall exploitation likelihood is relatively low.

Generated by OpenCVE AI on July 1, 2026 at 05:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later to remove the flaw
  • Ensure automatic updates are enabled so that future browser releases are applied promptly
  • Avoid opening unfamiliar web pages that request file uploads; use trusted sources only

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:30:00 +0000

Type | Values Removed | Values Added
Title | | Chrome File Input UI Spoofing Vulnerability
Weaknesses | | CWE-20

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:02.320Z

Reserved: 2026-06-29T23:11:27.891Z

Link: CVE-2026-14031

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T05:15:04Z

Weaknesses
  • CWE-20: Improper Input Validation