CVE-2026-13839
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
An inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. The vulnerability has a high severity rating according to Chromium classification.
Risk Assessment
An attacker can bypass the same origin policy, potentially leading to data theft or unauthorized actions in the context of other websites, compromising user data confidentiality and integrity.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

