CVE-2026-0907
📋 TL;DR
This vulnerability allows an attacker-controlled web page to spoof parts of Chrome's own user interface while Split View (two tabs shown side by side) is active, so that content the page controls can pass for a legitimate browser UI element. The vendor advisory is a desktop update, so desktop Chrome (Windows, macOS, Linux) on builds before 144.0.7559.59 is affected; the attacker needs the victim to load a crafted page, nothing more.
💻 Affected Systems
- Google Chrome (desktop) before 144.0.7559.59
- Chromium-based browsers that ship the Split View feature; they receive the fix only once they rebase onto Chromium 144.0.7559.59 or later, on their own release schedule
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could present convincing fake browser UI (login prompts, download confirmations, security warnings) that users trust precisely because it appears to come from Chrome rather than from the page, and use it to steal credentials or payment data or to talk users into downloading malware.
Likely Case
Most exploitation would be phishing: a crafted page opened in Split View shows a fake login prompt, download dialog, or security warning to harvest credentials or get unwanted software installed.
If Mitigated
User awareness training helps less here than against ordinary phishing, because the spoofed element imitates the browser's own chrome, which users are trained to trust. Keeping Split View disabled until the update is applied reduces exposure; installing 144.0.7559.59 or later removes it.
🎯 Exploit Status
Exploitation requires user interaction with a crafted HTML page but doesn't require authentication or special permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 144.0.7559.59
Vendor Advisory: https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click the three-dot menu.
3. Go to Help > About Google Chrome.
4. Chrome will automatically check for and install updates.
5. Click 'Relaunch' to restart Chrome with the updated version.
🔧 Temporary Workarounds
Disable Split View
Temporarily disable the Split View feature to prevent exploitation. This is a per-profile setting that a user can re-enable, so treat it as a stopgap, not a fix.
chrome://flags/#split-view
Set to 'Disabled' and relaunch Chrome. (Flag names change between releases; if this entry is absent, search chrome://flags for 'split'.)
Use Incognito Mode
Incognito mode does not change how Split View or the rest of the browser UI is rendered, so it offers no meaningful protection against UI spoofing. Its only benefit is that a phished session leaves no persisted cookies or history; do not rely on it as a mitigation.
Ctrl+Shift+N (Windows/Linux)
Cmd+Shift+N (macOS)
🧯 If You Can't Patch
- Implement network filtering (proxy or DNS) to block known malicious domains hosting crafted pages; this only stops campaigns you already know about.
- Do not expect browser extensions to detect or block this: the spoofed element is part of Chrome's own UI, which extensions cannot inspect. Instead, use enterprise policy to force the update out quickly (for example Chrome's RelaunchNotification and RelaunchNotificationPeriod policies, which require users to relaunch after an update is staged) and report on any endpoint still below 144.0.7559.59.
🔍 How to Verify
Check if Vulnerable:
Check Chrome version in Settings > About Chrome. If version is below 144.0.7559.59, the system is vulnerable.
Check Version:
Linux: google-chrome --version (or chromium --version)
macOS: /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --version
Windows: chrome.exe is a GUI program and prints nothing to the console, so read the binary's file version instead, for example in PowerShell: (Get-Item "C:\Program Files\Google\Chrome\Application\chrome.exe").VersionInfo.ProductVersion
Verify Fix Applied:
After updating, verify Chrome version is 144.0.7559.59 or higher in Settings > About Chrome.
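The version check above, as an added example that is not part of the advisory page or of any Google tooling: a POSIX shell script that pulls the four-part version out of the browser's --version output, compares it component by component (a plain string comparison would rank 144.0.7559.59 above 144.0.7559.120), and reports patched, vulnerable, or unknown. The fixed build number comes from the advisory; the binary names it tries are assumptions about where Chrome or Chromium is installed on Linux and macOS.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Chrome build against
# the fix for CVE-2026-0907. Source this file and call check_installed_chrome,
# or run it with --run.

FIXED_VERSION="144.0.7559.59"   # first patched desktop build per the advisory

# extract_version LINE: the first dotted four-part version in LINE, or empty.
# Handles "Google Chrome 144.0.7559.59" and "Chromium 144.0.7559.59".
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){3}' | head -n1
}

# version_ge A B: exit 0 if A >= B, comparing each of the four components
# as an integer; missing components count as 0.
version_ge() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# check_chrome_line LINE: print patched / vulnerable / unknown for one
# --version line; exit status 0 / 1 / 2 respectively for scripting.
check_chrome_line() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 2; fi
    if version_ge "$v" "$FIXED_VERSION"; then echo "patched"; return 0; fi
    echo "vulnerable"; return 1
}

# check_installed_chrome: locate a local Chrome/Chromium binary (assumed
# names and paths) and classify it; "unknown" if none is found.
check_installed_chrome() {
    for bin in google-chrome google-chrome-stable chromium chromium-browser \
               "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"; do
        if command -v "$bin" >/dev/null 2>&1 || [ -x "$bin" ]; then
            if check_chrome_line "$("$bin" --version 2>/dev/null)"; then
                return 0
            else
                return $?
            fi
        fi
    done
    echo "unknown"; return 2
}

if [ "${1:-}" = "--run" ]; then
    check_installed_chrome || exit $?
fi
```

Because the function returns a distinct exit status per outcome, the same script can be pushed through a fleet tool (SSH loop, Ansible, Jamf, osquery's shell-out, and so on) to inventory endpoints that still need the update, which is the only dependable "detection" for a bug that leaves no log trace of its own.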
📡 Detection & Monitoring
Log Indicators:
Chrome writes no log of how its UI is rendered, so there is no direct signature for this bug; monitor for the outcomes of a successful spoof instead:
- Credential submissions (from the proxy or identity provider) to domains first seen recently or not on the corporate allow list
- Downloads of executables or installers immediately following a visit to an uncategorized or newly registered site
- User reports of browser prompts, warnings, or download dialogs that did not look or behave as expected
Network Indicators:
- HTTP(S) requests to newly registered or uncategorized domains serving pages that load cloned login or download UI
- Traffic patterns consistent with a phishing campaign (many users hitting the same previously unseen domain shortly after an email wave)
SIEM Query:
Chrome emits no field such as suspicious_ui, so a query keyed on UI events matches nothing in real telemetry. The actionable query is a version inventory from endpoint-management or osquery data; field names below are illustrative and depend on your source, and the version must be compared numerically per component, not as a string:
source="endpoint_inventory" AND product="Google Chrome" AND version_lt("144.0.7559.59")