CVE-2026-13964
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. The issue is due to inadequate security policy enforcement.
Risk Assessment
An attacker could exploit this vulnerability to redirect users to malicious sites or perform unauthorized actions within the WebView context, potentially leading to data theft or malware infection.
Recommendation
Immediately update Google Chrome on Android to version 150.0.7871.47 or later to remediate the vulnerability.
Original NVD description (English source)
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

