CVE-2026-9110
published 2026-05-20CVE-2026-9110: Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to…
medium4.2CVSS 3.1
AVNACHPRNUIRSUCLINAL
Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Critical)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fastify | fastify | >= 5.7.2 < 5.8.1 | 5.8.1 |
| chrome | < 148.0.7778.179 | 148.0.7778.179 | |
| chrome | >= 148.0.7778.179 < 148.0.7778.179 | 148.0.7778.179 | |
| chrome_desktop | — | — | |
| nodejs | undici | >= 0 < 6.23.0 | 6.23.0 |
| nodejs | undici | >= 7.0.0 < 7.18.2 | 7.18.2 |
CVSS provenance
nvdv3.14.2MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
ghsa6.5MEDIUM