CVE Catalog
CVE-2026-13282
MediumCVSS 6.8Exploitation Probability (EPSS)
Low risk0.11%
2th percentile — higher than 2% of all known CVEs
Summary
Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device.
Risk Assessment
The risk involves potential takeover of the browser or unauthorized payment operations by an attacker with physical access to the Android device.
Recommendation
Immediately update Google Chrome on Android to version 149.0.7827.201 or later to mitigate this vulnerability.
Original NVD description (English source)
Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: High)

