CVE Catalog

CVE-2026-13949

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Risk Assessment

The organization is at risk of leaking sensitive user data, such as payment details or other information processed in browser memory, potentially leading to privacy breaches and financial losses.

Recommendation

Immediately update Google Chrome on Android to version 150.0.7871.47 or later. Inform users about the need to update.

Original NVD description (English source)

Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS