CRITICAL | CVE-2026-13883 | CNA: Chrome

CVE-2026-13883: Type Confusion in ANGLE in Google Chrome prior to 150

Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Metrics

CVSS v3.1: 9.6
Severity: CRITICAL
Fixed in: 150.0.7871.47
Affected Products: 1


HarborGuard Analysis

Synopsis

A type confusion vulnerability in ANGLE, the graphics translation layer inside Google Chrome, allows a remote attacker to escape the browser sandbox via a crafted HTML page. The attack is reachable over the network and requires no authentication, though the victim must visit a malicious page. Successful exploitation gives the attacker code execution outside the browser sandbox, with full access to confidential data, the ability to modify system state, and the ability to crash or destabilize the affected host. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version of Chrome.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-13883 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all container images in customer registries and CI/CD pipelines, including custom-built images that bundle Chrome or Chromium.

Triage: Available

HarborGuard scores this CVE at CVSS 9.6 (Critical) and is capable of weighting findings against each environment's compliance policy to determine urgency and route alerts to the appropriate team inbox within each customer organization.

Patch: Available

A patched-image rebuild at Chrome 150.0.7871.47 is available on HarborGuard for any environment found to be running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the exploit over the network by directing the victim to a crafted HTML page, so the victim's browser must be able to load attacker-supplied content over the network.

  • Authentication: Not required

    No account or credential is needed; any unauthenticated remote party can serve the malicious page.

  • Victim interaction: Required

    The victim must navigate to or load a crafted HTML page, making this a social-engineering or drive-by delivery scenario.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and requires no special race conditions, memory layout tricks, or other environmental prerequisites.

Blast Radius

  • Reads sensitive data from outside the browser sandbox, including files, credentials, and session material accessible to the browser process user.
  • Modifies files and system state outside the browser sandbox, enabling persistent changes or secondary payload installation.
  • Crashes or destabilizes the affected host process, causing service disruption beyond the browser tab.
  • Because the scope is Changed in the CVSS vector, impact extends to components outside the vulnerable browser process itself.

How HarborGuard Handles This

Available on HarborGuard: images containing Chrome versions below 150.0.7871.47 are flagged automatically as vulnerable upon ingestion, with no manual scan trigger required. Where compliance policy permits, a rebuilt image at 150.0.7871.47 becomes available immediately, and customers with auto-remediation enabled receive a full rebuild, a regression-test run, and a pull request opened against affected workloads. For Critical-severity issues like this one, the median time from CVE publication to merged patch PR is around 90 minutes for environments with auto-remediation enabled. For environments where auto-remediation is not enabled, HarborGuard surfaces the finding with full CVSS detail and fix-version guidance so teams can prioritize manual remediation. Given the sandbox-escape severity and the Changed scope rating, teams should treat this as high priority regardless of whether the affected images run in user-facing or internal contexts.


Fix available: 150.0.7871.47

Affected packages
  • Google / Chrome: < 150.0.7871.47 (from 150.0.7871.47)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H