Skip to main content

Google Chrome EUVDEUVD-2026-41157

| CVE-2026-14404 MEDIUM
User Interface (UI) Misrepresentation of Critical Information (CWE-451)
2026-07-01 Chrome GHSA-68q2-f79g-5v77
6.5
CVSS 3.1 · Vendor: Chrome
Share

Severity by source

Vendor (Chrome) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
vuln.today AI
6.5 MEDIUM

Network-delivered PDF requires no attacker privileges; victim must open it (UI:R); impact is integrity-only spoofing with no confidentiality or availability effect.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (Chrome).

CVSS VectorVendor: Chrome

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 02, 2026 - 14:52 vuln.today
CVSS changed
Jul 02, 2026 - 14:52 NVD
6.5 (None) 6.5 (MEDIUM)
CVE Published
Jul 01, 2026 - 22:21 cve.org
MEDIUM 6.5
CVE Published
Jul 01, 2026 - 22:21 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. (Chromium security severity: Medium)

AnalysisAI

UI spoofing via a crafted PDF file in Google Chrome's PDFium rendering engine allows a remote, unauthenticated attacker to visually mislead users into performing unintended actions or trusting falsified content. All Chrome versions prior to 150.0.7871.46 are affected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Deliver crafted PDF via web or email
Delivery
Victim opens PDF in Chrome
Exploit
PDFium processes malicious document
Execution
Spoofed UI elements rendered in browser
Impact
Victim deceived into unintended action

Vulnerability AssessmentAI

Exploitation The attacker must deliver a crafted PDF to the target, and the victim must open it in an affected version of Chrome (prior to 150.0.7871.46) using its built-in PDFium renderer. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) reflects a meaningful integrity-only impact with no authentication barrier for the attacker - but requires victim interaction (opening a PDF). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts or emails a specially crafted PDF file and social-engineers a target into opening it in Chrome. Once the victim opens the PDF, PDFium processes the malicious document, causing Chrome to display spoofed UI elements - such as a fake security dialog, falsified origin indicator, or misleading prompt - that trick the user into taking an action (e.g., granting permissions, entering credentials, or trusting a malicious site). …
Remediation The primary fix is upgrading Google Chrome to version 150.0.7871.46 or later, which is confirmed as the patched stable channel release per the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

EUVD-2026-41157 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy