Description
Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-04-08
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: UI Spoofing
Action: Patch
AI Analysis

Impact

The vulnerability involves incorrect rendering of the security UI when Chrome enters fullscreen mode. An attacker can serve a crafted HTML page that triggers fullscreen and displays a fake security banner, potentially misleading users into trusting a malicious site. This exploit can be used for social‑engineering attacks, phishing, or otherwise manipulating user trust.

Affected Systems

Google Chrome browsers prior to version 147.0.7727.55 on all supported platforms (Windows, macOS, Linux) are affected.

Risk and Exploitability

The CVSS score of 4.3 indicates a medium severity. EPSS less than 1 % suggests low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to deliver a malicious web page that directs Chrome to enter fullscreen; no additional privileges are required.

Generated by OpenCVE AI on April 14, 2026 at 21:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 147.0.7727.55 or newer.
  • Verify that the browser displays the correct security UI in fullscreen mode.
  • Avoid entering fullscreen on untrusted sites until a patch is applied.

Generated by OpenCVE AI on April 14, 2026 at 21:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6205-1 chromium security update
History

Tue, 14 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows
CPEs cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Linux
Linux linux Kernel
Microsoft
Microsoft windows

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-451
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79

Fri, 10 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Chrome Fullscreen UI Spoofing Vulnerability chromium-browser: Incorrect security UI in Fullscreen
Weaknesses CWE-1021
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

threat_severity

Moderate

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Chrome Fullscreen UI Spoofing Vulnerability
First Time appeared Google
Google chrome
Weaknesses CWE-79
Vendors & Products Google
Google chrome

Wed, 08 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Description Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
References

Subscriptions

Apple Macos
Google Chrome
Linux Linux Kernel
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-04-13T18:18:50.044Z

Reserved: 2026-04-08T19:34:37.957Z

Link: CVE-2026-5882

cve-icon Vulnrichment

Updated: 2026-04-13T17:56:57.283Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T22:16:27.847

Modified: 2026-04-14T20:01:27.660

Link: CVE-2026-5882

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-07T00:00:00Z

Links: CVE-2026-5882 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T16:15:11Z

Weaknesses