CVE Catalog

CVE-2026-13844

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile — higher than 1% of all known CVEs

Summary

A use-after-free vulnerability in the Updater component of Google Chrome on Windows prior to version 150.0.7871.47 allows a local attacker to perform OS-level privilege escalation via a malicious file.

Risk Assessment

A local attacker can gain full control over the operating system, compromising the confidentiality, integrity, and availability of data and the entire IT environment.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later on all Windows systems and consider restricting local user privileges.

Original NVD description (English source)

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS