CVE Catalog

CVE-2026-13033

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

In Google Chrome prior to version 149.0.7827.197, there was an out of bounds read and write vulnerability in Blink>InterestGroups, allowing a remote attacker to execute arbitrary code via a crafted HTML page.

Risk Assessment

This vulnerability has a critical severity level as it allows remote code execution, potentially leading to full control over the user's system.

Recommendation

It is recommended to update Google Chrome to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS