CVE-2026-13929
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass navigation restrictions via a malicious file. The issue stems from inadequate security policy enforcement.
Risk Assessment
A local attacker can bypass navigation restrictions, potentially gaining access to unauthorized resources or performing unwanted actions in the browser.
Recommendation
It is recommended to immediately update Google Chrome on Android to version 150.0.7871.47 or later, which includes the fix.
Original NVD description (English source)
Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)

