CVE Catalog

CVE-2026-13792

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

A use-after-free vulnerability in the Touchbar component of Google Chrome on Mac prior to version 150.0.7871.47 was discovered. A remote attacker could exploit a crafted HTML page to potentially achieve a sandbox escape.

Risk Assessment

The risk for the organization is the potential compromise of the browser process and bypass of sandbox isolation, which could lead to further privilege escalation on the system.

Recommendation

Immediately update Google Chrome on all Mac computers to version 150.0.7871.47 or later.

Original NVD description (English source)

Use after free in Touchbar in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS