CVE-2026-13029
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
A use after free vulnerability in Web Authentication in Google Chrome prior to version 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Risk Assessment
This vulnerability poses a high risk to organizations as it allows attackers to potentially take control of the user's system through malicious extensions.
Recommendation
It is recommended to update Google Chrome to the latest version to mitigate this vulnerability and to monitor installed extensions for potentially malicious applications.
Original NVD description (English source)
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

