CVE Catalog

CVE-2026-13024

MediumCVSS 4.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Risk Assessment

The risk involves the possibility of bypassing site isolation, which could lead to a breach of data confidentiality between different websites in the browser.

Recommendation

Immediately update Google Chrome to version 149.0.7827.197 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS