CVE Catalog

CVE-2026-13805

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

A Use-After-Free vulnerability in the GFX component of Google Chrome on Mac prior to version 150.0.7871.47 allows a remote attacker to execute arbitrary code via a crafted HTML page. The issue is rated as High severity by the Chromium security team.

Risk Assessment

An attacker can remotely take control of the victim's system without user interaction, leading to data theft, malware installation, or further propagation within the organization's network.

Recommendation

Immediately update Google Chrome on all Mac computers to version 150.0.7871.47 or later. Consider enabling automatic browser updates.

Original NVD description (English source)

Use after free in GFX in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS