Medium severity5.4NVD Advisory· Published May 6, 2026· Updated May 7, 2026
CVE-2026-8019
CVE-2026-8019
Description
Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.htmlnvdVendor AdvisoryRelease Notes
- issues.chromium.org/issues/498353173nvdPermissions Required
News mentions
12- Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes holdThe Record · May 13, 2026
- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026
- Microsoft May 2026 Patch Tuesday, (Tue, May 12th)SANS Internet Storm Center · May 12, 2026
- Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)Tenable Blog · May 12, 2026
- Cookie thieves caught stealing dev secrets via fake Claude Code installersThe Register Security · May 11, 2026
- Microsoft says Edge’s plaintext password behavior is “by design”Malwarebytes Labs · May 8, 2026
- Google Chrome’s silent 4GB AI download problem [updated]Malwarebytes Labs · May 6, 2026
- The Good, the Bad and the Ugly in Cybersecurity – Week 16SentinelOne Labs · Apr 17, 2026
- Patch Tuesday - April 2026Rapid7 Blog · Apr 14, 2026
- Patch Tuesday, April 2026 EditionKrebs on Security · Apr 14, 2026
- 6th April – Threat Intelligence ReportCheck Point Research · Apr 6, 2026
- The Good, the Bad and the Ugly in Cybersecurity – Week 14SentinelOne Labs · Apr 3, 2026