CVE-2026-13811
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
A use-after-free vulnerability in the IME component of Google Chrome prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The issue has a high severity rating from Chromium.
Risk Assessment
An attacker can gain control over the browser process within the sandbox, potentially leading to data theft or further privilege escalation on the system.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later. Scan systems for signs of exploitation.
Original NVD description (English source)
Use after free in IME in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

