CVE-2026-13781: Insufficient validation of untrusted input in Google Chrome
CVE-2026-13781 is a critical vulnerability in Google Chrome's Skia component prior to version 150.0.7871.47. It involves insufficient validation of untrusted input, which could allow a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. This vulnerability affects desktop versions of Chrome before the specified fixed version. No CVSS score is provided, but the vendor classifies it as critical.
AI Analysis
Technical Summary
This vulnerability arises from insufficient validation of untrusted input in the Skia graphics library used by Google Chrome. An attacker who has already compromised the renderer process could exploit this flaw by delivering a specially crafted HTML page, potentially enabling sandbox escape. The issue is fixed in Chrome version 150.0.7871.47. The vendor advisory confirms the fix is available in this stable channel update.
Potential Impact
A successful exploit could allow an attacker to escape the Chrome sandbox from the renderer process, increasing the level of control over the host system beyond what is normally permitted. This elevates the risk of further system compromise following initial renderer process compromise.
Mitigation Recommendations
Users and administrators should update Google Chrome to version 150.0.7871.47 or later, where this vulnerability is fixed. The vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html provides official update details. No other mitigations are specified or required once the update is applied.
Technical Details
- Data Version: 5.2
- Assigner Short Name: Chrome
- Date Reserved: 2026-06-29T23:03:16.083Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html (vendor: Google)
Threat ID: 6a444c0e27e9c7971985c7e8
Added to database: 06/30/2026, 23:06:54 UTC
Last enriched: 07/01/2026, 02:06:58 UTC
Last updated: 07/01/2026, 02:06:58 UTC