CVE Catalog

CVE-2026-13029

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile - higher than 5% of all known CVEs

Summary

A use after free vulnerability in Web Authentication in Google Chrome prior to version 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Risk Assessment

This vulnerability poses a high risk to organizations as it allows attackers to potentially take control of the user's system through malicious extensions.

Recommendation

It is recommended to update Google Chrome to the latest version to mitigate this vulnerability and to monitor installed extensions for potentially malicious applications.

Original NVD description (English source)

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS