Description
Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an inappropriate implementation in the Glic component of Google Chrome. It allows a remote attacker to spoof the UI when a user performs certain UI gestures in response to a crafted HTML page. This can trick users into interacting with a malicious interface that appears legitimate, potentially leading to credential compromise or other unwanted actions. The weakness is a form of UI redressing, tracked on this page as CWE-451 (User Interface (UI) Misrepresentation of Critical Information); it manipulates user interactions without requiring code execution or exploitation of the operating system.

Affected Systems

All installations of Google Chrome with a version earlier than 150.0.7871.47 are affected. The issue has been identified in the stable channel before the listed version. Newer releases contain the fix.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, so there is no recorded evidence of exploitation so far. Because exploitation requires the victim to deliberately perform a UI gesture after visiting a crafted page, an attacker would need to persuade the user to click or interact in a suspicious context. The attack vector is web-based, with no need for local code execution. Although Chromium rates the severity Low (the CVSS 3.1 score is 5.3, Medium), the potential for social engineering makes it advisable to apply a patch.

Generated by OpenCVE AI on July 1, 2026 at 03:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later.
  • Educate users to avoid clicking on suspicious links and to be cautious when performing unexpected UI gestures on unfamiliar websites.
  • Use enterprise security policies or web filtering to detect and block malicious pages that attempt to mimic legitimate Chrome dialogs.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:45:00 +0000

  • Title added: Google Chrome UI Spoofing via Glic Due to Inadequate Implementation
  • Weaknesses added: CWE-1023

Wed, 01 Jul 2026 02:30:00 +0000

  • Weaknesses added: CWE-451
  • Metrics added:
      cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}
      ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 23:15:00 +0000

  • Description added: Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
  • References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:49:55.815Z

Reserved: 2026-06-29T23:11:52.470Z

Link: CVE-2026-14153

Vulnrichment

Updated: 2026-07-01T01:49:50.542Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T03:30:05Z

Weaknesses
  • CWE-1023

    Incomplete Comparison with Missing Factors

  • CWE-451

    User Interface (UI) Misrepresentation of Critical Information