CVE-2026-8584 — MEDIUM (4.2)

Vulnerability Description

Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS Score

4.2

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Google	Chrome	148.0.7778.168
Apple	Iphone Os	-

Related Weaknesses (CWE)

CWE-451

References

https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_Vendor Advisory
https://issues.chromium.org/issues/498892595Permissions Required

FAQ

What is CVE-2026-8584?

CVE-2026-8584 is a vulnerability with a CVSS score of 4.2 (MEDIUM). Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page....

How severe is CVE-2026-8584?

CVE-2026-8584 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-8584?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Iphone Os.