CVE Catalog

CVE-2026-13968

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile — higher than 22% of all known CVEs

Summary

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a malicious file.

Risk Assessment

The risk involves arbitrary code execution within the browser's sandbox, potentially leading to data compromise or further privilege escalation if the attacker can escape the sandbox.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later, and educate users about the risks of opening suspicious files and performing unusual UI gestures.

Original NVD description (English source)

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS