CVE Catalog

CVE-2026-13774

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

A use-after-free vulnerability in Extensions in Google Chrome prior to 150.0.7871.47 allows an attacker who convinces a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.

Risk Assessment

The risk for the organization is critical – successful exploitation could lead to full browser compromise and potentially system takeover, enabling data theft or malware installation.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. Educate users about the risks of installing extensions from untrusted sources.

Original NVD description (English source)

Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS