CVE-2026-11280
4.3 MEDIUMInappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing vi...
Published: 2026-06-05 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 4.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
- CWE
- CWE-20
Description
Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-47370 — A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain... (9.9 CRITICAL)
- CVE-2026-47369 — A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain... (9.9 CRITICAL)
- CVE-2026-47367 — A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Ent... (9.9 CRITICAL)
- CVE-2026-12034 — Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote at... (8.3 HIGH)
- CVE-2026-12025 — Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromi... (5.3 MEDIUM)