CVE-2026-13816
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
Insufficient validation of untrusted input in File Input in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Risk Assessment
An attacker can exfiltrate sensitive data from other origins, posing a risk to user privacy and organizational data security, especially in environments using the browser on mobile devices.
Recommendation
Immediately update Google Chrome on Android to version 150.0.7871.47 or later. It is also recommended to enforce automatic browser update policies on mobile devices.
Original NVD description (English source)
Insufficient validation of untrusted input in File Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

