CVE-2026-14141: Incorrect security UI in Google Chrome
An incorrect security UI issue in the Document Picture-in-Picture feature of Google Chrome on Android versions prior to 150.0.7871.47 allows a remote attacker to perform domain spoofing via a crafted HTML page. This vulnerability has a low severity rating and affects Chrome on Android. It is fixed in version 150.0.7871.47.
AI Analysis
Technical Summary
CVE-2026-14141 describes a vulnerability in Google Chrome on Android where the security user interface in the Document Picture-in-Picture feature is incorrect. This flaw enables a remote attacker to spoof domains by crafting a malicious HTML page, potentially misleading users about the origin of content. The issue affects versions prior to 150.0.7871.47 and is rated as low severity by Chromium security. No CVSS score is provided. The vendor advisory linked corresponds to a stable channel update that includes this fix.
Potential Impact
The vulnerability allows domain spoofing via the Picture-in-Picture UI, which could deceive users about the legitimacy of a webpage or content source. However, the impact is considered low severity, indicating limited risk or difficulty in exploitation.
Mitigation Recommendations
Users should update Google Chrome on Android to version 150.0.7871.47 or later, where this vulnerability is fixed. No additional mitigation steps are indicated by the vendor advisory.
Affected software
pkg:github/chromium/chromium
Technical Details
- Data Version: 5.2
- Assigner Short Name: Chrome
- Date Reserved: 2026-06-29T23:11:50.136Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html (vendor: Google)
Threat ID: 6a444c3827e9c7971985d63b
Added to database: 06/30/2026, 23:07:36 UTC
Last enriched: 07/01/2026, 00:06:56 UTC
Last updated: 07/01/2026, 01:33:41 UTC