CVE Catalog

CVE-2026-13831

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

An out-of-bounds read and write vulnerability in the GPU of Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page.

Risk Assessment

An attacker can execute arbitrary code within the sandbox, potentially leading to privilege escalation, data theft, or further system compromise.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. Chromium users should apply the corresponding patch.

Original NVD description (English source)

Out of bounds read and write in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS