CVE-2026-13876
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
An inappropriate implementation in the Network component of Google Chrome prior to version 150.0.7871.47 allows an attacker in a privileged network position to bypass Content Security Policy (CSP) via malicious network traffic.
Risk Assessment
An attacker on the same network (e.g., corporate LAN) can bypass CSP mechanisms, potentially leading to injection of malicious scripts or exfiltration of sensitive data.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later. In managed environments, deploy the update via group policies.
Original NVD description (English source)
Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. (Chromium security severity: Medium)

