CVE-2026-13026
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A Use-After-Free vulnerability in the Digital Credentials component in Google Chrome on Mac prior to version 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue is rated as High severity in Chromium.
Risk Assessment
An attacker could remotely cause a browser crash or potentially execute arbitrary code in the context of the browser process, leading to potential compromise of user data confidentiality and integrity.
Recommendation
Immediately update Google Chrome on Mac systems to version 149.0.7827.197 or later. Users should also consider enabling automatic updates.
Original NVD description (English source)
Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

