Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
DEBIAN-CVE-2026-3937
Summary
Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
What to do
- Update debian chromium to version 146.0.7680.71-1~deb12u1.
- Update debian chromium to version 146.0.7680.71-1~deb13u1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | chromium | All versions | – |
| debian | chromium | <= 146.0.7680.71-1~deb12u1 | 146.0.7680.71-1~deb12u1 |
| debian | chromium | <= 146.0.7680.71-1~deb13u1 | 146.0.7680.71-1~deb13u1 |
| debian | chromium | All versions | – |
Original title
Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Original description
Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- https://security-tracker.debian.org/tracker/CVE-2026-3937 Vendor Advisory
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 14 Mar 2026