
CVE-2026-14153 is a UI spoofing vulnerability caused by an inappropriate implementation in the Glic component of Google Chrome. It affects all versions of Google Chrome prior to 150.0.7871.47 on Windows, Mac, and Linux. A remote attacker who convinces a user to perform specific UI gestures can exploit a crafted HTML page to spoof the browser's user interface. The vulnerability was disclosed on June 30, 2026, and carries a CVSS v3.1 base score of 5.3 (Medium), with a Chromium-assigned severity of Low (GitHub Advisory, Chrome Releases).
The root cause is classified as CWE-451 (User Interface Misrepresentation of Critical Information), meaning the Glic component in Chrome fails to properly represent critical UI information to the user, enabling spoofing of dialogs or content. Exploitation requires the attacker to serve a crafted HTML page and socially engineer the victim into performing specific UI gestures (e.g., clicks or interactions), after which the malicious page can render spoofed UI elements that mimic legitimate Chrome interfaces. The attack vector is network-based, requires no privileges, but does require user interaction and has high attack complexity, limiting opportunistic exploitation (GitHub Advisory).
Successful exploitation allows an unauthenticated remote attacker to deceive users by displaying spoofed UI elements — such as fake dialogs, permission prompts, or content origin indicators — that do not reflect the true state or source of browser content. The primary impact is to confidentiality (rated High in CVSS), as users may be tricked into disclosing sensitive information or granting permissions based on falsified UI. There is no direct integrity or availability impact, and the vulnerability's scope is unchanged, limiting blast radius to the affected browser session (GitHub Advisory).
Google has released a patch in Chrome version 150.0.7871.47 (Windows/Mac) and 150.0.7871.46 (Linux), which is part of the Chrome 151 stable channel promotion announced June 30, 2026. Users and administrators should update Google Chrome to version 150.0.7871.47 or later immediately. As a general precaution, users should be cautious when visiting untrusted websites and remain alert to UI elements that appear inconsistent with Chrome's standard appearance (Chrome Releases).
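The update guidance above can be checked against an asset inventory. The following is an added example, not code from Google or from the advisory: it compares installed Chrome versions with the fixed builds stated in the paragraph above, per platform. The inventory rows, host names, and function names are constructed for illustration.

```python
# Added example: flag Chrome installs below the fixed builds named on this page.
# Inventory rows are constructed sample data, not real hosts.
import re

# Fixed builds as stated in the remediation paragraph.
FIXED = {
    "windows": (150, 0, 7871, 47),
    "mac": (150, 0, 7871, 47),
    "linux": (150, 0, 7871, 46),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome version."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one install."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised platform or unparsable version: review by hand
    # Tuple comparison is numeric per component, so .100 sorts above .47.
    return "patched" if version >= fixed else "vulnerable"


def audit(rows):
    """rows: iterable of (host, platform, version). Returns installs needing action."""
    return [(host, plat, ver, status)
            for host, plat, ver in rows
            if (status := classify(plat, ver)) != "patched"]


# Constructed inventory for illustration.
SAMPLE = [
    ("ws-001", "Windows", "150.0.7871.47"),
    ("ws-002", "Windows", "150.0.7871.46"),
    ("lx-010", "Linux", "150.0.7871.46"),
    ("mb-020", "Mac", "149.0.7800.120"),
    ("ws-003", "Windows", "150.0.7871"),
]

if __name__ == "__main__":
    for host, plat, ver, status in audit(SAMPLE):
        print(f"{host}\t{plat}\t{ver}\t{status}")
```

Rows reported as `unknown` have a truncated or non-standard version string and should be resolved manually rather than assumed patched.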
Source: This report was generated with the help of AI