CVE Catalog

CVE-2026-13849

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file.

Risk Assessment

A local attacker could gain access to system resources outside the browser sandbox, increasing the risk of privilege escalation and system compromise.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later on all Windows systems. Restrict local access to workstations for unauthorized users.

Original NVD description (English source)

Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS