Skip to main content
CVE Vulnerability Database

CVE-2026-5882: Google Chrome Fullscreen XSS Vulnerability

CVE-2026-5882 is a UI spoofing XSS vulnerability in Google Chrome's Fullscreen feature that enables attackers to deceive users via crafted HTML pages. This article covers technical details, affected versions, impact, and mitigation.

Published:

CVE-2026-5882 Overview

CVE-2026-5882 is an incorrect security UI vulnerability in the Fullscreen component of Google Chrome prior to version 147.0.7727.55. This flaw allows a remote attacker to perform UI spoofing via a crafted HTML page, potentially deceiving users about the authenticity or security state of web content while in fullscreen mode.

Critical Impact

Remote attackers can exploit this vulnerability to conduct UI spoofing attacks, potentially misleading users into believing they are interacting with legitimate content while actually engaging with malicious elements.

Affected Products

  • Google Chrome prior to version 147.0.7727.55
  • Chromium-based browsers prior to version 147.0.7727.55

Discovery Timeline

  • 2026-04-08 - CVE-2026-5882 published to NVD
  • 2026-04-08 - Last updated in NVD database

Technical Details for CVE-2026-5882

Vulnerability Analysis

This vulnerability exists within the Fullscreen API implementation in Google Chrome. The security UI component responsible for displaying browser chrome elements and security indicators fails to properly render or maintain visual security cues when a web page enters fullscreen mode. This incorrect rendering of security UI elements creates an opportunity for attackers to craft malicious HTML pages that can deceive users about the legitimacy or security context of the displayed content.

The Chromium security team has classified this vulnerability as Medium severity. UI spoofing vulnerabilities in fullscreen mode are particularly dangerous because users may not be able to distinguish between legitimate browser UI elements and attacker-controlled content that mimics them.

Root Cause

The root cause of this vulnerability lies in improper handling of security UI elements within the Fullscreen component. When a malicious page requests fullscreen mode, the browser fails to adequately display security indicators that would normally alert users to the actual origin or security state of the content. This allows attackers to create convincing fake UI elements such as address bars, security padlocks, or permission dialogs.

Attack Vector

Exploitation of CVE-2026-5882 requires user interaction. An attacker must convince a victim to visit a malicious website containing specially crafted HTML content. Once the victim triggers fullscreen mode (or the page initiates it), the attacker can display fake browser UI elements that appear legitimate, potentially leading to credential theft, social engineering attacks, or other forms of user deception.

The attack flow typically involves:

  1. Victim navigates to an attacker-controlled website
  2. The malicious page requests or triggers fullscreen mode
  3. Due to the incorrect security UI handling, the attacker can overlay fake browser elements
  4. The victim may be tricked into entering credentials or interacting with malicious content believing it to be legitimate

Detection Methods for CVE-2026-5882

Indicators of Compromise

  • Unexpected fullscreen transitions on web pages without clear user intent
  • Browser UI elements appearing inconsistent or positioned unusually within fullscreen content
  • Phishing attempts that leverage fullscreen mode to display fake browser interfaces

Detection Strategies

  • Monitor for websites that aggressively request fullscreen permissions without legitimate use cases
  • Implement browser version auditing to identify Chrome installations below version 147.0.7727.55
  • Review endpoint telemetry for unusual fullscreen API usage patterns
  • Deploy browser security policies that restrict fullscreen mode to trusted domains

Monitoring Recommendations

  • Enable Chrome browser version reporting across enterprise environments to identify vulnerable installations
  • Configure browser telemetry to track fullscreen API usage and permission grants
  • Monitor user reports of suspicious browser behavior or unexpected fullscreen transitions
  • Implement security awareness training to help users recognize UI spoofing attempts

How to Mitigate CVE-2026-5882

Immediate Actions Required

  • Update Google Chrome to version 147.0.7727.55 or later immediately
  • Ensure automatic browser updates are enabled across all managed endpoints
  • Audit enterprise browser deployments for outdated Chrome versions
  • Consider implementing browser policies to restrict fullscreen mode on untrusted sites

Patch Information

Google has addressed this vulnerability in Chrome version 147.0.7727.55. The fix is detailed in the Google Chrome Update Announcement. Additional technical details about the vulnerability can be found in the Chromium Issue Tracker Entry.

Organizations should prioritize updating all Chrome installations to the patched version to eliminate exposure to this UI spoofing vulnerability.

Workarounds

  • Disable fullscreen mode via enterprise browser policies for untrusted domains
  • Educate users to be cautious when websites request fullscreen mode, especially on unfamiliar sites
  • Use browser extensions that provide additional fullscreen warnings or controls
  • Configure Content Security Policy headers on trusted web applications to control fullscreen behavior
bash
# Chrome enterprise policy to restrict fullscreen mode
# Add to Chrome policies (Windows Registry or macOS preferences)
# This restricts fullscreen to specified domains only
FullscreenAllowed: false
# Or configure via URLBlocklist for specific untrusted domains

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.