CVE-2026-13925
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
An inappropriate implementation in the Downloads feature of Google Chrome on Windows prior to version 150.0.7871.47 allowed a remote attacker, after convincing a user to perform specific UI gestures, to execute arbitrary code via a crafted HTML page.
Risk Assessment
An attacker could gain control of the victim's system, installing malware or stealing data, if the user is tricked into interacting with the browser interface.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later on all Windows systems.
Original NVD description (English source)
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

