CVE-2026-13885
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
A use-after-free vulnerability in Skia in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Risk Assessment
An attacker could gain control of the browser process within the sandbox, potentially leading to data theft or further privilege escalation on the Android device.
Recommendation
Immediately update Google Chrome on Android to version 150.0.7871.47 or later. Users should enable automatic updates in the Play Store.
Original NVD description (English source)
Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

