CVE Catalog

CVE-2026-13929

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass navigation restrictions via a malicious file. The issue stems from inadequate security policy enforcement.

Risk Assessment

A local attacker can bypass navigation restrictions, potentially gaining access to unauthorized resources or performing unwanted actions in the browser.

Recommendation

It is recommended to immediately update Google Chrome on Android to version 150.0.7871.47 or later, which includes the fix.

Original NVD description (English source)

Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS