Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AC:H reflects the mandatory renderer pre-compromise prerequisite; all other metrics align with the provided vector since no auth, no confidentiality, and no availability impact apply.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
Insufficient validation of untrusted input in DataTransfer in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
UI spoofing in Google Chrome for Windows (prior to 150.0.7871.47) is enabled by insufficient input validation in the DataTransfer subsystem when the renderer process has already been compromised. A remote attacker who controls a compromised renderer can deliver a crafted HTML page that manipulates visual UI elements, potentially deceiving users into approving malicious permissions, revealing credentials, or performing unintended actions. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two hard prerequisites: (1) the attacker must have already achieved compromise of the Chrome renderer process via a separate, independent vulnerability - this is not a standalone exploit; and (2) the victim must interact with a crafted HTML page (UI:R), meaning the user must actively visit or be redirected to attacker-controlled content. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) overstates standalone exploitability because AC:L does not capture the renderer pre-compromise prerequisite, which is a substantial real-world complexity factor. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker first achieves renderer process compromise through a separate Chromium vulnerability (such as a type confusion or use-after-free in the V8 engine or HTML parser), then serves a crafted HTML page that exploits the DataTransfer input validation flaw to render a convincing spoofed dialog - for example, a fake Windows security prompt or Chrome permission request - that induces the victim to approve a malicious action such as a file download, credential entry, or extension install. No public exploit code for this specific DataTransfer flaw is known at time of analysis. |
| Remediation | Upgrade Google Chrome on all Windows endpoints to version 150.0.7871.47 or later via the stable channel update documented at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40678
GHSA-cgj9-48jq-3g65