CVE-2026-13939: Insufficient validation of untrusted input in Google Chrome
CVE-2026-13939 is a medium severity vulnerability in Google Chrome on Android prior to version 150.0.7871.47. It involves insufficient validation of untrusted input in the WebShare feature, which could allow a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page. No CVSS score is provided. There is no explicit vendor advisory stating a fix, but the affected version indicates the vulnerability is addressed in 150.0.7871.47.
AI Analysis
Technical Summary
This vulnerability in Google Chrome on Android arises from insufficient validation of untrusted input in the WebShare component. An attacker with control over the renderer process could exploit this flaw to conduct UI spoofing attacks by crafting malicious HTML pages. The issue affects versions prior to 150.0.7871.47, with the fixed version identified as 150.0.7871.47. No detailed CVSS score or explicit remediation level is provided in the vendor advisory, but the presence of a fixed version implies a patch is available.
Potential Impact
The vulnerability allows a remote attacker who has already compromised the renderer process to perform UI spoofing, potentially misleading users by displaying deceptive user interface elements. This could facilitate phishing or other social engineering attacks within the browser context. There is no indication of code execution or data exfiltration directly from this vulnerability.
Mitigation Recommendations
Users should update Google Chrome on Android to version 150.0.7871.47 or later to remediate this vulnerability. Since the vendor advisory URL references a stable channel update, this version includes the fix. No additional mitigation steps are indicated.
Technical Details
- Data Version: 5.2
- Assigner Short Name: Chrome
- Date Reserved: 2026-06-29T23:03:57.058Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html (Google)
Threat ID: 6a444c2127e9c7971985cd60
Added to database: 06/30/2026, 23:07:13 UTC
Last enriched: 07/01/2026, 02:53:12 UTC
Last updated: 07/01/2026, 02:53:12 UTC