Vulnerabilities ›

CVE-2026-10004

Medium

CWE-20 — Weakness Type

                    Published: May 28, 2026                      ·  Modified: May 31, 2026                      ·  Source: NVD                

CVSS v3

6.5

🔗 NVD Official

📄 Description (English)

Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

🤖 AI Executive Summary

CVE-2026-10004 is a UI spoofing vulnerability in Google Chrome versions prior to 148.0.7778.216 caused by insufficient input validation in password fields. Remote attackers can exploit this via crafted HTML pages to deceive users into believing they are interacting with legitimate interface elements.

📄 Description (Arabic)

تتعلق هذه الثغرة بعدم التحقق الكافي من صحة المدخلات غير الموثوقة في حقول كلمات المرور في متصفح جوجل كروم. يمكن للمهاجمين البعيدين استخدام صفحات HTML مصممة بعناية لانتحال واجهة المستخدم وخداع المستخدمين.

🤖 ملخص تنفيذي (AI)

This vulnerability affects Google Chrome browsers before version 148.0.7778.216 and allows attackers to spoof user interface elements through malicious HTML. Users could be tricked into entering credentials or performing unintended actions on compromised websites.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 08:28

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government telecom

🎯 MITRE ATT&CK Techniques

T1566.002 T1598.003 T1187

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update Google Chrome to version 148.0.7778.216 or later immediately. Users should also enable automatic updates in Chrome settings and avoid visiting untrusted websites that may host exploit code.

🔧 خطوات المعالجة (العربية)

قم بتحديث جوجل كروم إلى الإصدار 148.0.7778.216 أو أحدث فوراً. يجب على المستخدمين تفعيل التحديثات التلقائية وتجنب زيارة المواقع غير الموثوقة التي قد تحتوي على أكواد استغلالية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.7.1.2 A.8.1.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.DS-2

🟡 ISO 27001:2022

A.6.1.1 A.13.1.1 A.14.2.1

🔗 References & Sources 2

🔗

https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304...

chrome-cve-admin@google.com

Vendor Advisory

🔗

https://issues.chromium.org/issues/513730012

chrome-cve-admin@google.com

Permissions Required

📦 Affected Products / CPE 2 entries

google:chrome

📊 CVSS Score

6.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score6.5

CWECWE-20

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-05-28

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-20

🏢 Vendor Advisories

🔗 https://chromereleases.googleblog.com/2026/05/stable...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-10004

Introduce Yourself

Sign In Required