Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
9.8

CVE-2026-13776: Google Chrome: Malicious HTML can bypass security sandbox

CVE-2026-13776
Summary

A security issue in Google Chrome allows a hacker who has already taken control of a user's browser to potentially escape the security restrictions that normally prevent them from accessing sensitive areas of the computer. This could allow the hacker to steal sensitive information or install malware. Users should update to the latest version of Google Chrome to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versions
google chrome < 150.0.7871.47
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Original title
Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C...
Original description
Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd CVSS3.1 9.8
Vulnerability type
CWE-843 Type Confusion
Published: 30 Jun 2026 · Updated: 1 Jul 2026 · First seen: 1 Jul 2026