CVE-2026-2323 Overview
CVE-2026-2323 is a UI Spoofing vulnerability in Google Chrome's Downloads component. An inappropriate implementation in the Downloads feature in Google Chrome prior to version 145.0.7632.45 allows a remote attacker to perform UI spoofing via a crafted HTML page. This vulnerability is classified under CWE-451 (User Interface (UI) Misrepresentation of Critical Information).
Critical Impact
Attackers can leverage this vulnerability to deceive users through manipulated download dialogs or UI elements, potentially tricking users into downloading malicious files or clicking on spoofed interface elements that appear legitimate.
Affected Products
- Google Chrome prior to version 145.0.7632.45
- Chromium-based browsers using vulnerable Downloads component
- Desktop platforms running affected Chrome versions (Windows, macOS, Linux)
Discovery Timeline
- February 11, 2026 - CVE-2026-2323 published to NVD
- February 12, 2026 - Last updated in NVD database
Technical Details for CVE-2026-2323
Vulnerability Analysis
This vulnerability stems from an inappropriate implementation in the Downloads component of Google Chrome. The flaw allows attackers to craft malicious HTML pages that can manipulate how download-related UI elements are presented to users. By exploiting this weakness, an attacker can create a spoofed user interface that misrepresents critical information about downloads, potentially deceiving users about the true nature, source, or safety of files they are downloading.
The attack requires user interaction, meaning the victim must visit a malicious webpage containing the crafted HTML payload. Once the victim interacts with the page, the attacker can display misleading download prompts, fake file information, or spoofed security indicators that don't accurately reflect the actual download being initiated.
Root Cause
The root cause is an inappropriate implementation in Chrome's Downloads feature that fails to properly validate or sanitize how download-related information is rendered in the user interface. This allows specially crafted HTML content to manipulate the visual presentation of download dialogs or notifications, leading to UI Misrepresentation of Critical Information (CWE-451).
The vulnerability exists in the handling of download-related UI components, where the browser does not adequately prevent external content from influencing how download information is displayed to users.
Attack Vector
The attack vector is network-based, requiring the victim to navigate to a malicious website controlled by the attacker. The exploitation flow involves:
- Attacker crafts a malicious HTML page designed to exploit the Downloads implementation flaw
- Victim is lured to visit the attacker-controlled webpage through phishing or other social engineering tactics
- The crafted HTML manipulates Chrome's download UI to display misleading information
- User is deceived into taking actions based on the spoofed interface, such as downloading malicious files believing them to be legitimate
The vulnerability requires user interaction (visiting the malicious page) but does not require any privileges. The impact is limited to integrity concerns, specifically the ability to deceive users through visual misrepresentation.
Detection Methods for CVE-2026-2323
Indicators of Compromise
- Unusual download prompts appearing from untrusted or suspicious web pages
- Download dialogs displaying inconsistent or unexpected file information
- Reports of users receiving deceptive download notifications that don't match actual file properties
Detection Strategies
- Monitor browser version deployments across the organization to identify instances running Chrome versions prior to 145.0.7632.45
- Implement web filtering to detect and block access to known malicious domains attempting UI spoofing attacks
- Deploy endpoint detection solutions capable of identifying anomalous browser behavior during download operations
Monitoring Recommendations
- Enable Chrome Enterprise reporting to track browser versions and security policy compliance
- Configure web proxy logging to capture and analyze download-related traffic patterns
- Implement user awareness monitoring to identify potential successful spoofing attempts through help desk ticket analysis
How to Mitigate CVE-2026-2323
Immediate Actions Required
- Update Google Chrome to version 145.0.7632.45 or later immediately across all systems
- Verify automatic updates are enabled and functioning on all Chrome installations
- Educate users about potential UI spoofing attacks and the importance of verifying download sources
Patch Information
Google has addressed this vulnerability in Chrome version 145.0.7632.45. The fix is included in the stable channel update released for desktop platforms. Organizations should ensure all Chrome installations are updated to this version or later to remediate the vulnerability.
For detailed patch information, refer to the Google Chrome Update Blog. Additional technical details about the vulnerability can be found in the Chromium Issue Tracker ID #467442136.
Workarounds
- Implement strict web filtering policies to limit access to untrusted websites until patches can be deployed
- Enable Chrome's Enhanced Safe Browsing feature to provide additional protection against malicious sites
- Consider using browser isolation technologies for high-risk users or environments where immediate patching is not feasible
# Verify Chrome version on Linux/macOS
google-chrome --version
# Should show: Google Chrome 145.0.7632.45 or later
# Force Chrome update check (Windows PowerShell)
# Navigate to chrome://settings/help to trigger manual update check
Start-Process "chrome://settings/help"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
