CVE Catalog

CVE-2026-13876

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile — higher than 14% of all known CVEs

Summary

An inappropriate implementation in the Network component of Google Chrome prior to version 150.0.7871.47 allows an attacker in a privileged network position to bypass Content Security Policy (CSP) via malicious network traffic.

Risk Assessment

An attacker on the same network (e.g., corporate LAN) can bypass CSP mechanisms, potentially leading to injection of malicious scripts or exfiltration of sensitive data.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. In managed environments, deploy the update via group policies.

Original NVD description (English source)

Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS