CVE-2026-13822
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
In Google Chrome on Android prior to version 150.0.7871.47, an inappropriate implementation in Extensions allowed an attacker who convinced a user to install a malicious extension to bypass the same origin policy via a crafted Chrome Extension.
Risk Assessment
An attacker can bypass browser security mechanisms, gaining unauthorized access to data from other origins, potentially leading to theft of sensitive information or session hijacking.
Recommendation
Immediately update Google Chrome on Android to version 150.0.7871.47 or later, and verify that users have not installed suspicious extensions.
Original NVD description (English source)
Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)

