CVE Catalog
CVE-2026-13938
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk0.21%
11th percentile — higher than 11% of all known CVEs
Summary
An integer overflow in the Fonts component of Google Chrome prior to 150.0.7871.47 allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
Risk Assessment
An attacker could exploit this vulnerability to execute arbitrary code in the browser context, potentially leading to session takeover or data theft.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later. Users should also enable automatic updates.
Original NVD description (English source)
Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)

