CVE-2026-0901User Interface (UI) Misrepresentation of Critical Information in Google Chrome

CWE-451User Interface (UI) Misrepresentation of Critical Information7 documents7 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 88.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeChromium
Timeline
PublishedJan 20

Description

Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

CVEListV5google/chrome144.0.7559.59144.0.7559.59
NVDgoogle/chrome< 144.0.7559.59
Debianchromium/chromium< 144.0.7559.59-1~deb12u1+2

🔴Vulnerability Details

3
OSV
CVE-2026-0901: Inappropriate implementation in Blink in Google Chrome on Android prior to 1442026-01-20
CVEList
CVE-2026-0901: Inappropriate implementation in Blink in Google Chrome on Android prior to 1442026-01-20
GHSA
GHSA-fgj7-39v4-xhp5: Inappropriate implementation in Blink in Google Chrome on Android prior to 1442026-01-20

📋Vendor Advisories

2
Microsoft
Chromium: CVE-2026-0901 Inappropriate implementation in Blink2026-01-13
Debian
CVE-2026-0901: chromium - Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-0901 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-0901 — Google Chrome vulnerability | cvebase