Skip to main content

Google Chrome CVE-2026-13985

| EUVDEUVD-2026-40673 MEDIUM
User Interface (UI) Misrepresentation of Critical Information (CWE-451)
2026-06-30 chrome-cve-admin@google.com GHSA-4gpx-jrqf-pgvg
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
vuln.today AI
5.3 MEDIUM

AC:H reflects the required prior renderer compromise; AV:N retained as the crafted page is network-delivered; I:H for UI integrity spoofing with no confidentiality or availability impact.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 17:28 vuln.today
CVSS changed
Jul 01, 2026 - 17:22 NVD
6.5 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 6.5
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

UI spoofing via MediaCapture in Google Chrome prior to 150.0.7871.47 enables a remote attacker who has already compromised the renderer process to misrepresent browser UI through a crafted HTML page, potentially deceiving users into granting permissions or trusting malicious content. This is a chained exploitation technique - it requires a prior renderer compromise as a prerequisite - making it a post-exploitation integrity threat rather than an initial access vector. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Compromise Chrome renderer via separate exploit
Delivery
Deliver crafted HTML to victim's browser tab
Exploit
Trigger inappropriate MediaCapture UI rendering
Execution
Forge or suppress trust-critical browser UI elements
Impact
Deceive user into granting permissions or trusting spoofed origin

Vulnerability AssessmentAI

Exploitation Exploitation requires two conditions: (1) the attacker must have already achieved code execution within the Chrome renderer process, typically through a separate, chained vulnerability exploiting the rendering engine (e.g., V8 or Blink); (2) user interaction is required (UI:R), as the spoofing attack relies on the victim perceiving and responding to forged UI elements. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) reflects a medium severity, but the PR:N assignment conflicts with the description's explicit requirement that the attacker has 'already compromised the renderer process' - a substantial prerequisite that NVD likely maps to PR:N within Chrome's own threat model (renderer = untrusted principal, not an authenticated user account). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already gained code execution within a Chrome renderer process - via a separate memory corruption or logic vulnerability - delivers a crafted HTML page that exploits the MediaCapture implementation flaw to forge UI elements such as a fake permission prompt or suppress a real capture indicator. A victim user, seeing what appears to be a legitimate browser interface, is deceived into granting camera or microphone access to the attacker's origin, or into believing they are interacting with a trusted page. …
Remediation Upgrade Google Chrome to version 150.0.7871.47 or later using Chrome's built-in update mechanism (chrome://settings/help) or via enterprise management tools (Google Admin Console, Intune). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-13985 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy