CVE-2026-13836
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The issue is rated as High severity by the Chromium security team.
Risk Assessment
An attacker can exploit this vulnerability to bypass the same-origin policy and execute scripts in the context of other websites, potentially leading to session data theft, account takeover, or leakage of sensitive information.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later. Ensure the update policy covers all user workstations in the organization.
Original NVD description (English source)
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

