Medium

UI spoofing in Google Chrome UI on Windows

IdentifiersCVE-2026-9110CWE-451· User Interface (UI)…

CVE-2026-9110 is a critical inappropriate implementation flaw in the Google Chrome UI on Windows affecting versions prior to 148.0.7778.179. According to the provided content, a remote attacker who had already compromised the renderer process could use a crafted HTML page to perform UI spoofing. The issue is described as residing in Chrome's UI layer and could allow spoofing of browser interface elements or bypass of security restrictions. No more specific vulnerable function or code path is provided in the available material.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an attacker with renderer-process compromise to present spoofed browser UI elements, such as fake browser windows or dialog boxes that appear legitimate to the user. This can be used to mislead users into disclosing credentials or other sensitive information, undermine browser trust indicators, and bypass user-facing security expectations. The provided content does not state direct code execution from this flaw alone; the primary impact described is UI spoofing and associated security restriction bypass.

Mitigation

If you can’t patch tonight, do this now.

Apply the vendor patch as the primary mitigation. Until patching is complete, reduce exposure by limiting use of untrusted websites and HTML content, enforcing rapid browser update policies, and using endpoint controls that reduce the likelihood of renderer compromise, since exploitation requires the renderer process to already be compromised. User awareness around suspicious browser prompts may reduce phishing effectiveness, but this is not a substitute for patching.

Remediation

Patch, then assume compromise.

Update Google Chrome to version 148.0.7778.179 or later on Windows. The provided content states the vulnerability affects Chrome on Windows prior to 148.0.7778.179 and was addressed in the Chrome Stable channel update to 148.0.7778.178/179 for Windows and Mac. Administrators should ensure the browser is updated and restarted so the patched version is active.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

GoogleChromeapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app

malwarebytesNews

May 22, 2026

Update Chrome now: Critical bugs could let attackers run code | Malwarebytes

A critical Chrome UI spoofing vulnerability on Windows that allows an attacker with a compromised renderer process to display convincing fake browser windows or dialogs via a crafted HTML page.

cyber security newsNews

May 21, 2026

Critical Chrome Vulnerabilities Enables Remote Code Execution Attacks - Patch Now!

A critical inappropriate implementation flaw in the Chrome UI layer that could enable security restriction bypass or browser interface spoofing.

chrome releases blogNews

May 19, 2026

Chrome Releases: Stable Channel Update for Desktop

A critical inappropriate implementation vulnerability in the Chrome UI.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-9110

NVD

nvd.nist.gov/vuln/detail/CVE-2026-9110

MITRE CWE · CWE-451

User Interface (UI) Misrepresentation of…

Vendor Advisory

chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html

Permissions Required

issues.chromium.org/issues/503551154