Skip to main content

Google Chrome EUVDEUVD-2026-40708

| CVE-2026-14020 MEDIUM
Improper Input Validation (CWE-20)
2026-06-30 chrome-cve-admin@google.com GHSA-9xm7-7v5p-655w
4.3
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
vuln.today AI
3.1 LOW

Renderer compromise prerequisite elevates AC to H; PR:N and UI:R match the direct WebXR exploitation step; I:L for UI spoofing only with no C or A impact.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 16:35 vuln.today
CVSS changed
Jul 01, 2026 - 16:22 NVD
4.3 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 4.3
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Insufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

UI spoofing in Google Chrome's WebXR subsystem (versions prior to 150.0.7871.47) is achievable by an attacker who has already compromised the renderer process, allowing manipulation of browser UI elements via a crafted HTML page. The vulnerability is a second-stage attack component, not a standalone entry point - exploitation chains through a separate renderer compromise before WebXR's insufficient input validation can be abused. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Deliver separate renderer exploit via malicious page
Delivery
Compromise Chrome renderer process
Exploit
Craft malformed WebXR IPC messages
Execution
Send to browser process bypassing input validation
Persist
Spoof browser UI element (dialog, indicator)
Impact
Deceive user into granting access or trusting attacker content

Vulnerability AssessmentAI

Exploitation Exploitation requires two concrete prerequisites in sequence: (1) the attacker must have already achieved code execution within the Chrome renderer process via a separate vulnerability - this is the primary limiting factor and represents a substantial attack cost; (2) the victim must actively interact with a crafted HTML page served by the attacker (UI:R per CVSS). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) captures the isolated WebXR step but arguably underweights the renderer compromise prerequisite, which constitutes a significant attack barrier. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already compromised a Chrome renderer process through a separate vulnerability (such as a V8 JavaScript engine memory corruption flaw) uses that foothold to send crafted, malformed WebXR IPC messages to the browser process. The browser's WebXR handler, failing to validate these inputs, renders attacker-controlled UI elements as if they were legitimate browser chrome - spoofing, for example, a permission dialog or SSL indicator - causing the victim to grant permissions or trust a connection they otherwise would not. …
Remediation Upgrade Google Chrome to version 150.0.7871.47 or later, as released in the stable channel update documented at chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

EUVD-2026-40708 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy