CVE Catalog

CVE-2026-13788

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

Use-After-Free vulnerability in Fullscreen mode in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code via a crafted HTML page. Chromium severity: Critical.

Risk Assessment

An attacker can take control of the Android device, steal data, or install malware without user interaction.

Recommendation

Immediately update Google Chrome on Android to version 150.0.7871.47 or later. Notify users about the required update.

Original NVD description (English source)

Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS