4.3
Google Chrome Picture-in-Picture UI Can Be Tricked by Malicious Websites
CVE-2026-3927
Summary
A security weakness in Google Chrome's Picture-in-Picture feature allows hackers to create fake user interface elements on a web page, potentially tricking users into revealing sensitive information or performing unintended actions. This issue affects Chrome versions prior to 146.0.7680.71. To protect your users, update to the latest version of Google Chrome.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| | chrome | <= 146.0.7680.71 | – |
Original title
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Original description
Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Vulnerability type
CWE-451
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026