4.3
Google Chrome UI Spoofing via PictureInPicture
CVE-2026-3942
Summary
A security issue in older versions of Google Chrome allows a malicious website to show misleading browser UI through the Picture-in-Picture feature and trick you into doing something you didn't intend. This is a low-risk issue, but it's still a good idea to update to the latest version of Chrome, which fixes it.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| | chrome | <= 146.0.7680.71 | – |
Original title
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Original description
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Vulnerability type
CWE-451
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026