CVE Catalog

CVE-2026-13822

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

In Google Chrome on Android prior to version 150.0.7871.47, an inappropriate implementation in Extensions allowed an attacker who convinced a user to install a malicious extension to bypass the same origin policy via a crafted Chrome Extension.

Risk Assessment

An attacker can bypass browser security mechanisms, gaining unauthorized access to data from other origins, potentially leading to theft of sensitive information or session hijacking.

Recommendation

Immediately update Google Chrome on Android to version 150.0.7871.47 or later, and verify that users have not installed suspicious extensions.

Original NVD description (English source)

Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS