CVE-2026-13778
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
A use-after-free vulnerability in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allows a local attacker to execute arbitrary code via a malicious peripheral.
Risk Assessment
An attacker with physical access to a Mac can take control of the browser and system, leading to full compromise of data confidentiality, integrity, and availability.
Recommendation
Immediately update Google Chrome on all Mac computers to version 150.0.7871.47 or later. Restrict access to untrusted peripheral devices.
Original NVD description (English source)
Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical)

