CVE & CISA-KEV Catalog

362,600 CVEs1,630 actively exploited (KEV)AboutAPI
Active:
  • CVSS 4.8 v3·EPSS -·No fix yet

    Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 5.3 v3·EPSS -·No fix yet

    Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 5.4 v3·EPSS -·No fix yet

    Inappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Inappropriate implementation in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 5.4 v3·EPSS -·No fix yet

    Inappropriate implementation in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Incorrect security UI in Omnibox in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Inappropriate implementation in PreviewTab in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in Printing in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 7.5 v3·EPSS -·No fix yet

    Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in Select in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Inappropriate implementation in SplitView in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Incorrect security UI in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

    Published 2026-06-30

  • CVSS 6.5 v3·EPSS -·No fix yet

    Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 6.5 v3·EPSS -·No fix yet

    Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Incorrect security UI in File Input in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Incorrect security UI in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 6.5 v3·EPSS -·No fix yet

    Inappropriate implementation in Permissions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Insufficient validation of untrusted input in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Inappropriate implementation in UI in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 6.5 v3·EPSS -·No fix yet

    Inappropriate implementation in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 6.5 v3·EPSS -·No fix yet

    Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Incorrect security UI in Mobile in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Inappropriate implementation in Media UI in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 6.5 v3·EPSS -·No fix yet

    Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Inappropriate implementation in UI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Incorrect security UI in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.2 v3·EPSS -·No fix yet

    Inappropriate implementation in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

  • CVSS 4.3 v3·EPSS -·No fix yet

    Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

    Published 2026-06-30

Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.