CVE-2026-13774
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
A use-after-free vulnerability in Extensions in Google Chrome prior to 150.0.7871.47 allows an attacker who convinces a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
Risk Assessment
The risk for the organization is critical – successful exploitation could lead to full browser compromise and potentially system takeover, enabling data theft or malware installation.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later. Educate users about the risks of installing extensions from untrusted sources.
Original NVD description (English source)
Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)

