CVE-2026-13821
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
A Use-After-Free vulnerability in the Canvas component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This issue is rated as High severity by the Chromium security team.
Risk Assessment
An attacker could exploit this vulnerability to gain control of the browser process within the sandbox, potentially leading to data theft, malware installation, or further privilege escalation on the system.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later. Restart the browser after the update to apply the changes.
Original NVD description (English source)
Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

