CVE-2026-13891
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
Risk Assessment
The risk involves privilege escalation by an attacker who has already compromised the renderer process, potentially leading to further compromise of the browser and the user's system.
Recommendation
Update Google Chrome to version 150.0.7871.47 or later immediately, which includes a fix for this vulnerability.
Original NVD description (English source)
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

