HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-13789Published Modified CNA Chrome

CVE-2026-13789: Use after free in GPU in Google Chrome prior to 150

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A use-after-free vulnerability in the GPU component of Google Chrome (versions prior to 150.0.7871.47) allows a remote attacker who has already compromised the renderer process to escape Chrome's sandbox via a crafted HTML page. The attack is initiated over the network and requires the victim to visit or interact with a malicious page, but no authentication is needed. Successful exploitation gives the attacker full read, write, and execution capability outside the browser sandbox, effectively compromising the underlying host. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version of Chrome.

HarborGuard Coverage

Detection

Detection of CVE-2026-13789 is available across every HarborGuard environment, with the CVE matched against images in customer registries and CI/CD pipelines within minutes of upstream feed publication. This matching covers custom-built images that bundle or depend on an affected Chrome version, not just upstream base images.

Available
Triage

HarborGuard is capable of scoring this CVE at its published CVSS 3.1 rating of 9.6 (Critical) and weighting that score against each environment's compliance policy to determine priority. Triage alerts can be routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Available
Patch

A patched-image rebuild pinned to Chrome 150.0.7871.47 becomes available on HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network; the target Chrome instance must be reachable in the sense that the victim's browser fetches attacker-controlled content from a remote origin.

  • AuthenticationNot required

    No account or credential is required; any unauthenticated remote attacker can serve the malicious page.

  • Victim interactionRequired

    The victim must visit or otherwise load the attacker's crafted HTML page, making this a social-engineering or drive-by-download scenario.

  • Attack complexityDetail

    Attack complexity is Low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other environmental preconditions beyond the renderer compromise already assumed by the vulnerability.

Blast Radius

  • An attacker who escapes the sandbox gains code execution in the context of the browser process, outside Chrome's isolation boundary, with access to the host OS.
  • Confidentiality impact is High: the attacker can read files, credentials, session tokens, and other data accessible to the user running Chrome.
  • Integrity impact is High: the attacker can write to the filesystem, modify persisted application data, or install persistent malware.
  • Availability impact is High: the attacker can crash or terminate processes, corrupt data, or render the affected system unusable.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-13789 is active across all connected registries and pipelines, matching any image that bundles a Chrome version below 150.0.7871.47. Given the Critical (9.6) severity and the sandbox-escape impact, this CVE is surfaced at the highest priority tier. A patched rebuild at Chrome 150.0.7871.47 is available for affected images. For customers who opt into auto-remediation, HarborGuard performs the image rebuild, executes regression tests, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and full diff are staged and held for reviewer sign-off. Customers who cannot immediately redeploy should consider network-policy controls that restrict which origins Chrome instances within their containers can fetch from, reducing the drive-by-download surface until the patched image is promoted.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H