CVE Catalog

CVE-2026-13938

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

An integer overflow in the Fonts component of Google Chrome prior to 150.0.7871.47 allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code in the browser context, potentially leading to session takeover or data theft.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. Users should also enable automatic updates.

Original NVD description (English source)

Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS