Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
9.6

CVE-2026-13781: Google Chrome: Malicious HTML Can Escape Sandbox

CVE-2026-13781
Summary

A security flaw in Google Chrome's graphics library, Skia, allows a hacker who has already taken control of a user's browser to break out of a safety barrier that prevents malicious code from accessing sensitive areas of the computer. This could potentially allow the hacker to steal user data or install malware. To fix this, update Google Chrome to the latest version.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versions
google chrome < 150.0.7871.46
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Original title
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape...
Original description
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
nvd CVSS3.1 9.6
Vulnerability type
CWE-20 Improper Input Validation
Published: 30 Jun 2026 · Updated: 1 Jul 2026 · First seen: 1 Jul 2026