CVE Catalog

CVE-2026-13964

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. The issue is due to inadequate security policy enforcement.

Risk Assessment

An attacker could exploit this vulnerability to redirect users to malicious sites or perform unauthorized actions within the WebView context, potentially leading to data theft or malware infection.

Recommendation

Immediately update Google Chrome on Android to version 150.0.7871.47 or later to remediate the vulnerability.

Original NVD description (English source)

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS