Severity: CRITICAL | CVE-2026-13798 | CNA: Chrome

CVE-2026-13798: Heap buffer overflow in Chromecast in Google Chrome prior to 150

Heap buffer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

  • CVSS v3.1: 9.6
  • Severity: CRITICAL
  • Fixed in: 150.0.7871.47
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A heap buffer overflow vulnerability exists in the Chromecast component of Google Chrome prior to version 150.0.7871.47. The flaw is reachable over the network and requires no prior authentication, though a victim must interact with a crafted HTML page, and the attacker must already have compromised the Chrome renderer process. Successful exploitation enables a sandbox escape, giving the attacker full read, write, and denial-of-service capability on the underlying system. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-13798 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle Chrome or Chromium. No manual configuration is required to trigger a match against affected versions below 150.0.7871.47.

Status: Available

Triage

HarborGuard surfaces this CVE with its CVSS v3.1 score of 9.6 (Critical) and weights it against each environment's configured compliance policy, escalating findings that breach policy thresholds automatically. Routed alerts reach the correct team inbox based on per-organization routing rules, so the right engineers see it without manual triage.

Status: Available

Patch

A patched-image rebuild at Chrome 150.0.7871.47 becomes available through HarborGuard once the fix version is confirmed against the affected image layers. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads, with a median time from CVE publication to merged patch PR of around 90 minutes for Critical-severity issues in environments with auto-remediation enabled.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the crafted HTML page over the network, so the targeted Chrome instance must be reachable or the victim must browse to an attacker-controlled resource across the internet.

  • Authentication: Not required

    No account credentials or session tokens are needed; any unauthenticated remote attacker can serve the malicious page.

  • Victim interaction: Required

    The victim must open or be directed to a crafted HTML page, making this a social-engineering or drive-by scenario where user action triggers the overflow.

  • Attack complexity: Detail

    Attack complexity is Low, meaning the exploit is reliable and imposes no special race-condition or memory-layout preconditions beyond the attacker already controlling the renderer process.

Blast Radius

  • A successful sandbox escape lets the attacker execute arbitrary code outside the Chrome sandbox with the privileges of the browser process.
  • The attacker gains full read access to files, credentials, and session data accessible by the browser process on the host.
  • The attacker can write or modify data on the host filesystem within the browser process scope, including cached credentials and stored profiles.
  • The attacker can crash or destabilize the browser process, causing a denial of service for the affected user session.

How HarborGuard Handles This

Available on HarborGuard: images containing Google Chrome below 150.0.7871.47 are flagged as Critical the moment the CVE enters HarborGuard's feed. A patched rebuild targeting version 150.0.7871.47 is made available for any affected image layer configuration detected in a customer registry or pipeline. Where compliance policy permits and auto-remediation is enabled, HarborGuard rebuilds the image, runs the configured regression tests, and opens a pull request against affected workloads; the median time from CVE publication to merged patch PR for Critical-severity issues in auto-remediation environments is around 90 minutes. For environments where auto-remediation is not enabled, the finding is surfaced with full CVSS context and fix-version detail so engineers can act manually. Given the renderer-process precondition on this exploit, teams that cannot immediately patch may also consider restricting Chromecast feature access via Chrome policy flags as a short-term compensating control while the rebuild is prepared.


Fix available: 150.0.7871.47

Affected packages

  • Google / Chrome: < 150.0.7871.47 (from 150.0.7871.47)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H