CVE Catalog

CVE-2026-13925

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

An inappropriate implementation in the Downloads feature of Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to execute arbitrary code via a crafted HTML page.

Risk Assessment

An attacker could gain control of the victim's system, installing malware or stealing data, if the user is tricked into interacting with the browser interface.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later on all Windows systems.

Original NVD description (English source)

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS