anonhaven
Ad

CVE-2026-3927

MEDIUM CVSS 3.1: 4.3 EPSS 0.03%
Updated Mar 13, 2026
Google
Parameter Value
CVSS 4.3 (MEDIUM)
Affected Versions before 146.0.7680.71
Fixed In 146.0.7680.71
Type CWE-451
Vendor Google
Public PoC No

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-451

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Google Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
 146.0.7680.71
Apple Macos
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Windows
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References 2

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop…
chrome-cve-admin@google.com
https://issues.chromium.org/issues/474948986
chrome-cve-admin@google.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3910

Google

8.8

CVE-2026-3909

Google

8.8

CVE-2026-3936

Google

8.8

CVE-2026-3931

Linux

8.8

CVE-2026-3926

Linux

8.8