UI Spoofing Vulnerability in Google Chrome DevTools
CVE-2026-8008

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-8008?

A vulnerability in Google Chrome's DevTools prior to version 148.0.7778.96 allows attackers to exploit the installation of malicious extensions, enabling them to perform UI spoofing attacks. By convincing users to install these crafted Chrome Extensions, an attacker could manipulate the UI to mislead users, potentially leading to unauthorized actions. This highlights the necessity for vigilance in managing browser extensions and underscores the importance of keeping software updated to mitigate security risks.

Affected Version(s)

Chrome 148.0.7778.96

References

https://chromereleases.googleblog.com/2026/05/stable-chan...

https://issues.chromium.org/issues/496426191

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 5, 2026

CVE-2026-8008 Data

JSON