CVE-2026-0904User Interface (UI) Misrepresentation of Critical Information in Google Chrome

CWE-451User Interface (UI) Misrepresentation of Critical Information9 documents9 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 88.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeChromium
Timeline
PublishedJan 20
Latest updateFeb 27

Description

Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

CVEListV5google/chrome144.0.7559.59144.0.7559.59
NVDgoogle/chrome< 144.0.7559.59+1
Debianchromium/chromium< 144.0.7559.59-1~deb12u1+2

🔴Vulnerability Details

3
CVEList
CVE-2026-0904: Incorrect security UI in Digital Credentials in Google Chrome prior to 1442026-01-20
OSV
CVE-2026-0904: Incorrect security UI in Digital Credentials in Google Chrome prior to 1442026-01-20
GHSA
GHSA-pj9h-fmxg-jwmr: Incorrect security UI in Digital Credentials in Google Chrome prior to 1442026-01-20

📋Vendor Advisories

4
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2026-09042026-02-27
Red Hat
chromium-browser: Incorrect security UI in Digital Credentials2026-01-13
Microsoft
Chromium: CVE-2026-0904 Incorrect security UI in Digital Credentials2026-01-13
Debian
CVE-2026-0904: chromium - Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.755...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-0904 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-0904 — Google Chrome vulnerability | cvebase