CVE-2026-13849
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file.
Risk Assessment
A local attacker could gain access to system resources outside the browser sandbox, increasing the risk of privilege escalation and system compromise.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later on all Windows systems. Restrict local access to workstations for unauthorized users.
Original NVD description (English source)
Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

