CVE-2026-13872
Critical, CVSS 9.1
Exploitation Probability (EPSS): Low risk, 15th percentile (higher than 15% of all known CVEs)
Summary
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file.
Risk Assessment
The organization faces a risk of privilege escalation by a local attacker who could gain access to system resources outside the browser sandbox, potentially leading to data confidentiality and integrity breaches.
Recommendation
Immediately update Google Chrome on Android to version 150.0.7871.47 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)

