UI Spoofing Vulnerability in Google Chrome for Windows
CVE-2026-9110

4.2MEDIUM

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-9110?

A vulnerability in the user interface of Google Chrome on Windows allows remote attackers to conduct UI spoofing attacks. This occurs when the renderer process is compromised, enabling the attacker to create a deceptive user interface through a carefully crafted HTML page. Users may be misled into revealing sensitive information or performing unintended actions.

Affected Version(s)

Chrome 148.0.7778.179

References

https://chromereleases.googleblog.com/2026/05/stable-chan...

https://issues.chromium.org/issues/503551154

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
May 20, 2026

CVE-2026-9110 Data

JSON