CVE Catalog

CVE-2026-13977

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

In Google Chrome prior to version 150.0.7871.47, an inappropriate implementation in HTMLParser allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

Risk Assessment

An attacker can exploit this vulnerability to perform a Universal XSS attack, potentially leading to session data theft, account takeover, or displaying fake content in the context of trusted domains.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. Ensure that browser update policies are enforced across the organization.

Original NVD description (English source)

Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS