CVE-2026-13831
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
An out-of-bounds read and write vulnerability in the GPU of Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page.
Risk Assessment
An attacker can execute arbitrary code within the sandbox, potentially leading to privilege escalation, data theft, or further system compromise.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later. Chromium users should apply the corresponding patch.
Original NVD description (English source)
Out of bounds read and write in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

