Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Debian DLA |
DLA-4672-1 | chromium security update |
Debian DSA |
DSA-6378-1 | chromium security update |
Wed, 08 Jul 2026 03:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Chrome Extension UI flaw allows injection of arbitrary scripts via crafted web pages |
Tue, 07 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Chrome Extension UI Allows User‑Experience Cross‑Site Scripting |
Mon, 06 Jul 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Chrome Extension UI Allows User‑Experience Cross‑Site Scripting |
Sun, 05 Jul 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | User‑experience cross‑site scripting via malicious Chrome extension |
Sun, 05 Jul 2026 04:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | User‑experience cross‑site scripting via malicious Chrome extension |
Sat, 04 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Incorrect Extension UI Enables UXSS via Malicious Extension |
Fri, 03 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Incorrect Extension UI Enables UXSS via Malicious Extension |
Fri, 03 Jul 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Extension UI allows injected scripts via malicious extension |
Fri, 03 Jul 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Extension UI allows injected scripts via malicious extension |
Thu, 02 Jul 2026 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Google Chrome Extension UI Script Injection Flaw |
Thu, 02 Jul 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Google Chrome Extension UI Script Injection Flaw |
Wed, 01 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Cross‑Site Scripting via Incorrect Extension UI in Chrome |
Wed, 01 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Wed, 01 Jul 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Cross‑Site Scripting via Incorrect Extension UI in Chrome | |
| Weaknesses | CWE-79 |
Wed, 01 Jul 2026 13:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Google
Google chrome |
|
| Vendors & Products |
Google
Google chrome |
Wed, 01 Jul 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Chrome Extension UI flaw permits arbitrary script and HTML injection | |
| Weaknesses | CWE-79 |
Wed, 01 Jul 2026 01:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Chrome Extension UI flaw permits arbitrary script and HTML injection | |
| Weaknesses | CWE-79 |
Tue, 30 Jun 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Incorrect security UI in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium) | |
| References |
|
Status: PUBLISHED
Assigner: Chrome
Published:
Updated: 2026-07-01T19:38:27.717Z
Reserved: 2026-06-29T23:04:01.496Z
Link: CVE-2026-13957
Updated: 2026-07-01T19:38:22.670Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T03:30:16Z
Debian DLA
Debian DSA