CVE Catalog
CVE-2026-13910
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.27%
18th percentile — higher than 18% of all known CVEs
Summary
A vulnerability in WebXR in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to leak cross-origin data via a crafted HTML page. The issue is due to insufficient policy enforcement.
Risk Assessment
An attacker can exfiltrate sensitive data from other origins, posing a risk to user privacy and potentially leading to data breaches for the organization.
Recommendation
Immediately update Google Chrome on Android to version 150.0.7871.47 or later.
Original NVD description (English source)
Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

