CVE-2026-13968
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a malicious file.
Risk Assessment
The risk involves arbitrary code execution within the browser's sandbox, potentially leading to data compromise or further privilege escalation if the attacker can escape the sandbox.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later, and educate users about the risks of opening suspicious files and performing unusual UI gestures.
Original NVD description (English source)
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: Medium)

