CVE-2026-45150
Zen Browser - Missing Fullscreen Security Notification Allows Origin Spoofing
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and combine with long-domain URL eliding to spoof a trusted origin for phishing and credential theft. This issue is fixed in version 1.19.13b.
| CWE | CWE-451 |
| Vendor | zen-browser |
| Product | desktop |
| Published | Jul 15, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for zen-browser desktop
Be the first to know when new unknown vulnerabilities affecting zen-browser desktop are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
zen-browser / desktop
< 1.19.13b