HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-13792Published Modified CNA Chrome

CVE-2026-13792: Use after free in Touchbar in Google Chrome on Mac prior to 150

Use after free in Touchbar in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A use-after-free vulnerability in the Touchbar component of Google Chrome on macOS affects all Chrome versions prior to 150.0.7871.47. The flaw is reachable over the network without any authentication, but requires a user to visit a specially crafted HTML page. Successful exploitation allows a remote attacker to escape the browser sandbox and gain the ability to read sensitive data, modify files, and crash or take control of the affected system. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: CVE-2026-13792 is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Chrome on macOS base layers. Any image carrying a Chrome version below 150.0.7871.47 is flagged automatically.

Available
Triage

HarborGuard scores this CVE at 9.6 CRITICAL (CVSS v3.1) and weights it against each customer organization's compliance policy to determine routing priority. Triage alerts are directed to the appropriate team inbox within each customer org based on their configured ownership rules.

Available
Patch

A patched-image rebuild pinned to Chrome 150.0.7871.47 becomes available on HarborGuard the moment the fix version is confirmed in the upstream feed. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a PR against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network by directing the target to a crafted HTML page, so the Chrome instance must be reachable via normal web browsing.

  • AuthenticationNot required

    No account or credential is needed; the attacker only needs to get the target to load a URL.

  • Victim interactionRequired

    The user must visit an attacker-controlled or compromised web page, making this a social-engineering or malicious-ad delivery scenario.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and requires no special race conditions, memory-layout knowledge, or environmental prerequisites beyond the victim loading the page.

Blast Radius

  • Attacker escapes the Chrome renderer sandbox and gains code execution in the browser process, breaking the primary isolation boundary between web content and the host OS.
  • Confidential data accessible to the browser (stored credentials, session cookies, locally cached files) becomes readable to the attacker.
  • The attacker can write or modify files on the host filesystem with the permissions of the Chrome process user.
  • The affected Chrome process can be crashed or hijacked, disrupting the user's session and any dependent services.

How HarborGuard Handles This

Available on HarborGuard: images containing Google Chrome below 150.0.7871.47 are flagged as CRITICAL the moment CVE-2026-13792 enters the ingestion pipeline, typically within minutes of upstream publication. For customers with auto-remediation enabled, HarborGuard rebuilds the affected image at Chrome 150.0.7871.47, runs a regression test pass, and opens a PR against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and a full diff are staged and waiting for reviewer sign-off. Because this is a sandbox-escape class vulnerability with a CVSS score of 9.6, customers who cannot immediately rebuild are advised to apply network-policy controls that restrict which internal users or services can reach external URLs through Chrome-based tooling, as a compensating control until the patched image is deployed.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H