PatchSiren cyber security CVE debrief
CVE-2026-10984 Google CVE debrief
CVE-2026-10984 is a High-severity vulnerability in Google Chrome on Android prior to 149.0.7827.53. This issue is related to an inappropriate implementation in Accessibility, which could allow a remote attacker to perform UI spoofing via a crafted HTML page. The CVSS score for this vulnerability is 5.4, categorized as MEDIUM severity.
- Vendor
- Product
- Chrome
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Google Chrome on Android, particularly those using versions prior to 149.0.7827.53, should apply the update as soon as possible to mitigate the risk of UI spoofing attacks.
Technical summary
The vulnerability is caused by an inappropriate implementation in Accessibility in Google Chrome on Android. This could allow a remote attacker to perform UI spoofing via a crafted HTML page. The issue has been addressed in version 149.0.7827.53 of Google Chrome.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome to version 149.0.7827.53 or later to mitigate the vulnerability.
Evidence notes
Evidence for this CVE comes from the National Vulnerability Database (NVD) and the Google Chrome release notes.
Official resources
-
CVE-2026-10984 CVE record
CVE.org
-
CVE-2026-10984 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes
-
Source reference
[email protected] - Permissions Required
CVE-2026-10984 was published on 2026-06-04T23:17:01.757Z and modified on 2026-06-05T20:38:13.473Z.