CVE Catalog

CVE-2026-13816

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

Insufficient validation of untrusted input in File Input in Google Chrome on Android prior to version 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Risk Assessment

An attacker can exfiltrate sensitive data from other origins, posing a risk to user privacy and organizational data security, especially in environments using the browser on mobile devices.

Recommendation

Immediately update Google Chrome on Android to version 150.0.7871.47 or later. It is also recommended to enforce automatic browser update policies on mobile devices.

Original NVD description (English source)

Insufficient validation of untrusted input in File Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS