CVE Catalog

CVE-2026-13893

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic.

Risk Assessment

The organization is at risk of cross-origin data leakage, potentially leading to theft of authentication credentials or other sensitive user information.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later and instruct users to update their browsers.

Original NVD description (English source)

Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS