HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-13882Published Modified CNA Chrome

CVE-2026-13882: Race in USB in Google Chrome prior to 150

Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A use-after-free race condition in the USB handling code of Google Chrome prior to version 150.0.7871.47 can be reached by a remote attacker who has already compromised the Chrome renderer process. The attacker delivers a crafted HTML page over the network, requiring the victim to visit it, and no authentication is needed. Successful exploitation breaks out of the Chrome sandbox, giving the attacker code execution on the underlying host with full confidentiality, integrity, and availability impact. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection for CVE-2026-13882 is available across every HarborGuard environment, with the CVE matched against images in customer registries and CI/CD pipelines within minutes of publication, including custom-built images that bundle Google Chrome. Ingestion from upstream feeds (NVD, Chrome advisory, and supplementary sources) runs continuously so newly published records are reflected without manual intervention.

Available
Triage

HarborGuard is capable of scoring this CVE at 9.6 CRITICAL using the CVSS v3.1 vector and weighting that score against each environment's compliance policy to determine urgency and escalation path. Triage routing to the appropriate team inbox within each customer organization is handled automatically based on image ownership and policy configuration.

Available
Patch

A patched-image rebuild at Chrome 150.0.7871.47 becomes available through HarborGuard for any image found to carry an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads without requiring manual steps.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the victim over the network by serving a crafted HTML page from a remote origin.

  • AuthenticationNot required

    No credentials or account are needed; the attack is initiated purely by the victim loading a page.

  • Victim interactionRequired

    The victim must visit the attacker-controlled HTML page, making this a social-engineering or malvertising delivery scenario.

  • Attack complexityDetail

    The exploit is described as a race condition, meaning it depends on a timing window in the USB handling code, but the CVSS AC:L rating indicates the race is reliably winnable without special environmental conditions.

Blast Radius

  • The attacker escapes the Chrome renderer sandbox and gains code execution in the context of the host process, breaking the primary isolation boundary Chrome relies on.
  • With a sandbox escape achieved, the attacker can read arbitrary files and data accessible to the host user, including stored credentials, session tokens, and local documents.
  • The attacker can write to or modify files, persistent storage, and system configuration accessible to the compromised user account.
  • The attacker can crash, hang, or otherwise disrupt the Chrome process and any dependent services, or use the foothold to destabilize the broader host.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-13882 is active across all connected registries and pipelines, matched against any image that bundles Google Chrome below 150.0.7871.47. Given the CRITICAL severity (9.6) and the sandbox-escape impact, this CVE is prioritized at the top of the triage queue under standard policy. A patched rebuild at Chrome 150.0.7871.47 is available for affected images. For customers who opt into auto-remediation, HarborGuard can complete a rebuild, run regression tests, and open a pull request against affected workloads; for high and critical severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image is staged and the pull request is held pending reviewer sign-off.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H