CVE Catalog

CVE-2026-13282

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device.

Risk Assessment

The risk involves potential takeover of the browser or unauthorized payment operations by an attacker with physical access to the Android device.

Recommendation

Immediately update Google Chrome on Android to version 149.0.7827.201 or later to mitigate this vulnerability.

Original NVD description (English source)

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS