CVE Catalog

CVE-2026-13885

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

A use-after-free vulnerability in Skia in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Risk Assessment

An attacker could gain control of the browser process within the sandbox, potentially leading to data theft or further privilege escalation on the Android device.

Recommendation

Immediately update Google Chrome on Android to version 150.0.7871.47 or later. Users should enable automatic updates in the Play Store.

Original NVD description (English source)

Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS