CVE-2026-13949
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Risk Assessment
The organization is at risk of leaking sensitive user data, such as payment details or other information processed in browser memory, potentially leading to privacy breaches and financial losses.
Recommendation
Immediately update Google Chrome on Android to version 150.0.7871.47 or later. Inform users about the need to update.
Original NVD description (English source)
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

