CVE-2026-13805
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
A Use-After-Free vulnerability in the GFX component of Google Chrome on Mac prior to version 150.0.7871.47 allows a remote attacker to execute arbitrary code via a crafted HTML page. The issue is rated as High severity by the Chromium security team.
Risk Assessment
An attacker can remotely take control of the victim's system without user interaction, leading to data theft, malware installation, or further propagation within the organization's network.
Recommendation
Immediately update Google Chrome on all Mac computers to version 150.0.7871.47 or later. Consider enabling automatic browser updates.
Original NVD description (English source)
Use after free in GFX in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

