HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-13775Published Modified CNA Chrome

CVE-2026-13775: Use after free in GPU in Google Chrome prior to 150

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A use-after-free vulnerability in the GPU component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page. The attack is reachable over the network and requires no authentication, though the victim must visit or be redirected to a malicious page. Successful exploitation gives the attacker code execution outside the sandbox, with full read, write, and availability impact on the host. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version of Chrome.

HarborGuard Coverage

Detection

Detection of CVE-2026-13775 is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium binary.

Available
Triage

HarborGuard scores this CVE at 9.6 CRITICAL using the published CVSS v3.1 vector, and triage is available with per-environment compliance policy weighting applied automatically. Findings are routed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Available
Patch

A patched-image rebuild at Chrome 150.0.7871.47 is available on HarborGuard for any image found to contain an affected version. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network; the target Chrome instance must be reachable by the victim browsing to an attacker-controlled or compromised web page.

  • AuthenticationNot required

    No credentials or account privileges are required; any user browsing to the malicious page is a viable target.

  • Victim interactionRequired

    The victim must visit or be directed to a crafted HTML page, making this a social-engineering or drive-by-style delivery.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other unpredictable environmental factors beyond the renderer-process compromise prerequisite.

Blast Radius

  • The attacker escapes the Chrome sandbox and gains code execution in the context of the host process, breaking the primary isolation boundary Chrome relies on.
  • With sandbox escape achieved, the attacker reads files, credentials, and session tokens accessible to the browser process on the host.
  • The attacker writes or modifies files on disk and can persist malicious code or tamper with locally stored data.
  • The attacker disrupts or terminates host-level processes, causing service or system instability on the affected machine.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-13775 activates within minutes of the advisory being published and covers every customer image that packages a Chrome or Chromium binary, including internally built images. For environments where an affected version is identified, a rebuilt image at Chrome 150.0.7871.47 is made available. For customers who have opted into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against affected workloads automatically; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is queued with CRITICAL priority and routed to the designated team inbox for review. Given the severity and the sandbox-escape impact, teams not yet on auto-remediation should treat this as a priority manual update.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H