CRITICAL | CVE-2026-13853 | CNA: Chrome

CVE-2026-13853: Use after free in Journeys in Google Chrome prior to 150

Use after free in Journeys in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

  • CVSS v3.1: 9.6
  • Severity: CRITICAL
  • Fixed in: 150.0.7871.47
  • Affected Products: 1

HarborGuard Analysis

Synopsis

A use-after-free vulnerability in the Journeys feature of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has already compromised the Chrome renderer process to escape the browser sandbox via a crafted HTML page. The vulnerability is reachable over the network and requires the victim to visit a malicious page, but no authentication is needed. Successful exploitation gives the attacker full control outside the sandbox, enabling arbitrary code execution, data theft, and system compromise. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version of Chrome.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium binary.

Triage: Available

HarborGuard scores this finding at CVSS 9.6 Critical and weights it against each environment's compliance policy to determine breach-of-threshold status; the finding is then routed to the appropriate team inbox within the customer organization for immediate review.

Patch: Available

A patched-image rebuild pinned to Chrome 150.0.7871.47 is available on HarborGuard for any environment found running an affected version. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs regression tests, and opens a PR against affected workloads automatically; for Critical-severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled.

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the exploit over the network by directing the victim to a crafted HTML page hosted on an attacker-controlled server.

  • Authentication: Not required

    No account or credentials are required; any unauthenticated remote attacker can attempt exploitation.

  • Victim interaction: Required

    The victim must visit the attacker-controlled HTML page, making social engineering or a malicious link the primary delivery vector.

  • Attack complexity: Detail

    Attack complexity is Low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other unpredictable environmental factors beyond having a compromised renderer process.

Blast Radius

  • The attacker escapes the Chrome browser sandbox and gains code execution in the context of the host process.
  • Confidential data accessible to the browser or host user account, including stored credentials, cookies, and local files, is readable by the attacker.
  • The attacker can write or modify files and system state on the host, enabling persistence mechanisms or further lateral movement.
  • The affected Chrome process and dependent services can be crashed or made unavailable.

How HarborGuard Handles This

Available on HarborGuard: detection runs continuously against customer image registries and pipelines, flagging any image that ships Chrome or Chromium below version 150.0.7871.47. A patched rebuild at the fixed version is queued automatically upon detection. For customers who have opted into auto-remediation, HarborGuard rebuilds the affected image, executes the configured regression-test suite, and opens a pull request against affected workloads; for Critical-severity findings, the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval before merging, the PR is staged and waiting with full context attached. Customers who have not enabled auto-remediation receive an immediate alert with the affected image digest, the fix version, and a direct link to rebuild on demand.

Fix available: 150.0.7871.47

Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
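
The affected range above (anything below 150.0.7871.47) can be checked against version banners collected from images, as in this added example, which is not HarborGuard's or Chrome's own code. The image names and banner strings are constructed sample data, and the function names are hypothetical; the comparison is numeric per component because a plain string comparison misclassifies two-digit major versions.

```python
import re

# Fix version stated on this page.
FIXED = (150, 0, 7871, 47)

# Four-part dotted version as printed by Chrome/Chromium version banners.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample data: image name -> captured version banner.
SAMPLE_BANNERS = {
    "web-scraper:1.4": "Google Chrome 149.0.7800.12",
    "pdf-render:2.0": "Chromium 150.0.7871.47 built on Debian",
    "e2e-tests:latest": "Google Chrome 99.0.4844.51",
    "legacy-batch:0.9": "sh: chrome: not found",
}


def parse_version(banner):
    """Return the first four-part version in the banner as a tuple of ints, or None."""
    match = _VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def is_affected(banner):
    """True if below the fix, False if at or above it, None if no version was found."""
    version = parse_version(banner)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so 99.x sorts below 150.x.
    return version < FIXED


def triage(banners):
    """Label each image 'affected', 'fixed' or 'unknown' (unknown needs manual review)."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {image: labels[is_affected(banner)] for image, banner in banners.items()}


if __name__ == "__main__":
    for image, status in triage(SAMPLE_BANNERS).items():
        print(f"{image}: {status}")
```

An "unknown" result means no version could be read from the banner and should be followed up rather than treated as clean.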