CVE Catalog

CVE-2026-13872

Critical (CVSS 9.1)

Exploitation Probability (EPSS)

Low risk: 0.24% (15th percentile, higher than 15% of all known CVEs)

Summary

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file.

Risk Assessment

The organization faces a risk of privilege escalation by a local attacker who could gain access to system resources outside the browser sandbox, potentially leading to data confidentiality and integrity breaches.

Recommendation

Immediately update Google Chrome on Android to version 150.0.7871.47 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS