Google Chrome: UI spoofing possible through compromised renderer process

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Google Chrome: UI spoofing possible through compromised renderer process

CVE-2026-5891

Summary

An attacker who has compromised the Chrome browser could trick users into thinking they are seeing legitimate content. This could be done by a malicious webpage. To protect against this, update to the latest version of Google Chrome.

Original title

Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML pa...

Original description

https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop....
https://issues.chromium.org/issues/487471101

Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026