CVE Catalog

CVE-2026-13910

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

A vulnerability in WebXR in Google Chrome on Android prior to 150.0.7871.47 allows a remote attacker to leak cross-origin data via a crafted HTML page. The issue is due to insufficient policy enforcement.

Risk Assessment

An attacker can exfiltrate sensitive data from other origins, posing a risk to user privacy and potentially leading to data breaches for the organization.

Recommendation

Immediately update Google Chrome on Android to version 150.0.7871.47 or later.

Original NVD description (English source)

Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS