CVE Catalog

CVE-2026-13891

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.

Risk Assessment

The risk involves privilege escalation by an attacker who has already compromised the renderer process, potentially leading to further compromise of the browser and the user's system.

Recommendation

Update Google Chrome to version 150.0.7871.47 or later immediately, which includes a fix for this vulnerability.

Original NVD description (English source)

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS