CVE Catalog
CVE-2026-13835
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk0.28%
20th percentile — higher than 20% of all known CVEs
Summary
An inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue is rated as high severity.
Risk Assessment
A remote attacker could cause heap corruption, potentially leading to browser crashes or arbitrary code execution in the user's context.
Recommendation
Update Google Chrome to version 150.0.7871.47 or later immediately.
Original NVD description (English source)
Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

