Description
Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in an incorrect handling of dark mode rendering in Google Chrome versions before 150.0.7871.47. A remote attacker can craft an HTML page that tricks users by imitating the browser’s user interface, potentially leading to deceptive interactions. This is a classic UI spoofing weakness that can defraud users into believing they are interacting with and integrity of user actions.

Affected Systems

All users running the Chrome desktop browser with a version earlier than 150.0.7871.47 are affected, regardless of operating system or locale. Only the stable channel is mentioned in the references, but any installation that has not yet received the 150.0.7871.47 update is vulnerable.

Risk and Exploitability

The official Chromium severity is Low, and the EPSS score is not available, indicating a modest likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog and has no known exploits at the time of analysis. The attack vector is likely a network-based one where a malicious web page is served to the user; successful exploitation requires the user to load the crafted page in Chrome. Given the low severity rating and lack of active exploitation, provided users employ standard safe browsing practices.

Generated by OpenCVE AI on July 1, 2026 at 04:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 150.0.7871.47 or later as soon as the update is released.
  • Configure Chrome to enforce default mixed content blocking and refrain from enabling experimental UI features that could expose rendering internals.
  • Avoid clicking on suspicious links and refrain from loading unfamiliar web pages in an elevated or developer-mode context.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 05:15:00 +0000

Type | Values Removed | Values Added
Title | | UI Spoofing via Dark Mode Rendering Bug in Chrome
Weaknesses | | CWE-1021, CWE-1170

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:30.681Z

Reserved: 2026-06-29T23:11:44.211Z

Link: CVE-2026-14110

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T05:00:07Z

Weaknesses