CVE-2026-13864
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension.
Risk Assessment
The risk involves privilege escalation through a malicious extension, potentially leading to unauthorized access to HID devices and system compromise.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later. Also educate users to install only trusted extensions.
Original NVD description (English source)
Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Medium)

