CVE Catalog

CVE-2026-13848

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

A Use-After-Free vulnerability in the Forms component of Google Chrome prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Risk Assessment

An attacker could exploit this to gain code execution within the browser sandbox, potentially leading to privilege escalation and data compromise.

Recommendation

Update Google Chrome to version 150.0.7871.47 or later immediately. Users should also enable automatic updates.

Original NVD description (English source)

Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS