CVE Catalog

CVE-2026-13835

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

An inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue is rated as high severity.

Risk Assessment

A remote attacker could cause heap corruption, potentially leading to browser crashes or arbitrary code execution in the user's context.

Recommendation

Update Google Chrome to version 150.0.7871.47 or later immediately.

Original NVD description (English source)

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS