GHSA-9gwh-j3gj-52pq · Severity: unknown — Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Conclusion & alert: CVE-2026-14131 is rated Risk Under Review. Mandatory action: Scoring and exploitation signals are still pending—keep following this page for CVSS or EPSS updates, then reassess remediation priority once scores appear.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
EPSS has not published a score for this CVE yet—common while NVD analysis or FIRST scoring is still pending. Monitor daily updates and reassess once scores appear.
CVSS metrics for this CVE.
No CVSS data in dataset for this CVE.
GHSA-9gwh-j3gj-52pq · Severity: unknown — Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871...
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
end-of-life | CVE-2026-14131 end-of-life priority: Debian including 1 source packages (chromium), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): open 5. | https://security-tracker.debian.org/tracker/CVE-2026-14131 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| No affected products in dataset. | |||