CVE Catalog

CVE-2026-13864

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension.

Risk Assessment

The risk involves privilege escalation through a malicious extension, potentially leading to unauthorized access to HID devices and system compromise.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. Also educate users to install only trusted extensions.

Original NVD description (English source)

Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS