CVE-2026-13024
MediumCVSS 4.2Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Risk Assessment
The risk involves the possibility of bypassing site isolation, which could lead to a breach of data confidentiality between different websites in the browser.
Recommendation
Immediately update Google Chrome to version 149.0.7827.197 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

