HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-13797Published Modified CNA Chrome

CVE-2026-13797: Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150

Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

This is a sandbox escape vulnerability in the Chromecast component of Google Chrome prior to version 150.0.7871.47. A remote attacker who has already compromised the Chrome renderer process can exploit insufficient input validation by tricking a user into visiting a crafted HTML page, breaking out of Chrome's security sandbox and gaining capabilities beyond what the browser process should allow. Successful exploitation gives the attacker high-impact access to confidentiality, integrity, and availability of the affected system. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-13797 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle Chrome or Chromium. Any image in a customer registry or CI pipeline running a Chrome version below 150.0.7871.47 is flagged automatically.

Available
Triage

HarborGuard scores this CVE at 9.6 CRITICAL using the CVSS v3.1 vector and weights findings against each customer environment's compliance policy to prioritize severity routing. Triage alerts are directed to the appropriate team inbox within the customer org based on policy configuration, so the right engineers see this immediately.

Available
Patch

A patched-image rebuild at Chrome 150.0.7871.47 is available on HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a PR against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the crafted HTML page over the network, so the target must be reachable via a browser session exposed to attacker-controlled content.

  • AuthenticationNot required

    No credentials or account access are needed; any user who visits the crafted page can be targeted.

  • Victim interactionRequired

    The victim must visit a crafted HTML page, meaning the attacker must socially engineer or redirect the user to attacker-controlled content.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and imposes no special conditions, race requirements, or environmental dependencies beyond the renderer compromise prerequisite.

Blast Radius

  • A successful attacker escapes the Chrome sandbox and executes code outside the browser's restricted process, gaining access to the underlying host environment.
  • Confidentiality is fully compromised: the attacker can read files, credentials, session tokens, and other data accessible to the host user.
  • Integrity is fully compromised: the attacker can write, modify, or delete files and data on the host system.
  • Availability is fully compromised: the attacker can crash, kill, or otherwise disrupt the host system or its services.

How HarborGuard Handles This

Available on HarborGuard: images containing Google Chrome below version 150.0.7871.47 are matched against CVE-2026-13797 within minutes of CVE publication, across both registry scans and active CI pipeline runs, including custom images. A patched rebuild at 150.0.7871.47 is available immediately upon detection. For customers with auto-remediation enabled, HarborGuard performs the rebuild, executes a regression test run against the patched image, and opens a PR against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is routed to the designated team inbox with full CVSS context and a direct link to the available patched image.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H