CVE-2026-13027
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
Use-After-Free vulnerability in the FileSystem component in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue was rated as High severity in Chromium security.
Risk Assessment
An attacker could remotely cause a browser crash or potentially execute arbitrary code in the context of the browser process, leading to compromise of user data confidentiality and integrity.
Recommendation
Immediately update Google Chrome to version 149.0.7827.197 or later. Users of Chromium-based browsers should apply the appropriate patches from their vendors.
Original NVD description (English source)
Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

