CVE Catalog

CVE-2026-13778

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

A use-after-free vulnerability in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allows a local attacker to execute arbitrary code via a malicious peripheral.

Risk Assessment

An attacker with physical access to a Mac can take control of the browser and system, leading to full compromise of data confidentiality, integrity, and availability.

Recommendation

Immediately update Google Chrome on all Mac computers to version 150.0.7871.47 or later. Restrict access to untrusted peripheral devices.

Original NVD description (English source)

Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS