CVE Catalog

CVE-2026-13811

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

A use-after-free vulnerability in the IME component of Google Chrome prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The issue has a high severity rating from Chromium.

Risk Assessment

An attacker can gain control over the browser process within the sandbox, potentially leading to data theft or further privilege escalation on the system.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. Scan systems for signs of exploitation.

Original NVD description (English source)

Use after free in IME in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS