CVSS 10.0 · CRITICAL

CVE-2026-13782

Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Analysis

This critical use-after-free vulnerability in Google Chrome allows a remote attacker to escape the browser sandbox via a malicious HTML page. With a CVSS score of 10.0, this flaw compromises the security of the host operating system in development and production environments. Updating immediately to version 150.0.7871.47 or later on Windows, macOS and Linux is recommended.

Relevant roles

Frontend, Javascript, CyberSecurity, Windows, Macos, Linux

Severity

Score: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-416

EPSS

Probability of exploitation (next 30 days): 0.0021 (0.2%)
Percentile: 10.9%
EPSS: 2026-07-01

Affects

google:chrome, apple:macos, linux:linux_kernel, microsoft:windows

Technical description

Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Published: 6/30/2026, 11:16:53 PM
Last modified: 7/1/2026, 8:17:02 PM

References
