CVE Catalog

CVE-2026-13836

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

9th percentile — higher than 9% of all known CVEs

Summary

An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The issue is rated as High severity by the Chromium security team.

Risk Assessment

An attacker can exploit this vulnerability to bypass the same-origin policy and execute scripts in the context of other websites, potentially leading to session data theft, account takeover, or leakage of sensitive information.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. Ensure the update policy covers all user workstations in the organization.

Original NVD description (English source)

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS