CVE Catalog

CVE-2026-13815

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

25th percentile — higher than 25% of all known CVEs

Summary

A Use-After-Free vulnerability in the Blink component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to execute arbitrary code within a sandbox via a crafted HTML page. The issue is rated as high severity.

Risk Assessment

An attacker can exploit this vulnerability to execute malicious code within the sandboxed environment, potentially compromising user data confidentiality or integrity.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS