CVE Catalog

CVE-2026-13027

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

9th percentile - higher than 9% of all known CVEs

Summary

Use-After-Free vulnerability in the FileSystem component in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue was rated as High severity in Chromium security.

Risk Assessment

An attacker could remotely cause a browser crash or potentially execute arbitrary code in the context of the browser process, leading to compromise of user data confidentiality and integrity.

Recommendation

Immediately update Google Chrome to version 149.0.7827.197 or later. Users of Chromium-based browsers should apply the appropriate patches from their vendors.

Original NVD description (English source)

Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS