CVE Catalog

CVE-2026-13785

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A Use-After-Free vulnerability in the Bluetooth component of Google Chrome on Mac prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to potentially escape the sandbox via a crafted HTML page.

Risk Assessment

The risk for the organization includes potential system compromise by an attacker, leading to data theft, malware installation, or further propagation of the attack within the network.

Recommendation

It is recommended to immediately update Google Chrome on all Mac computers to version 150.0.7871.47 or later and to inform users about the risks of clicking on suspicious links.

Original NVD description (English source)

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS