CVE-2026-13936
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
An inappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Risk Assessment
An attacker could steal credentials or other confidential data from browser memory, leading to confidentiality breaches and potential account takeover.
Recommendation
Immediately update Google Chrome on Android to version 150.0.7871.47 or later to remediate this vulnerability.
Original NVD description (English source)
Inappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

