CVE Catalog

CVE-2026-13821

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

A Use-After-Free vulnerability in the Canvas component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This issue is rated as High severity by the Chromium security team.

Risk Assessment

An attacker could exploit this vulnerability to gain control of the browser process within the sandbox, potentially leading to data theft, malware installation, or further privilege escalation on the system.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. Restart the browser after the update to apply the changes.

Original NVD description (English source)

Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS