CVE-2026-13826: Inappropriate implementation in Google Chrome
CVE-2026-13826 is a high-severity vulnerability in the Autofill feature of Google Chrome on Android versions prior to 150.0.7871.47. It allows a remote attacker who has compromised the renderer process to leak cross-origin data via a crafted HTML page. This vulnerability affects the privacy and security of user data handled by the Autofill component.
AI Analysis
Technical Summary
This vulnerability arises from an inappropriate implementation in the Autofill functionality of Google Chrome on Android. Specifically, it enables a remote attacker with control over the renderer process to exfiltrate data across origins by exploiting crafted HTML content. The issue is fixed in version 150.0.7871.47, which addresses the improper data handling that led to cross-origin data leakage.
Potential Impact
An attacker who has already compromised the renderer process can leverage this vulnerability to leak sensitive cross-origin data, potentially exposing user information that should be isolated by same-origin policies. This compromises user privacy and could facilitate further attacks or data theft.
Mitigation Recommendations
Users should update Google Chrome on Android to version 150.0.7871.47 or later, where this vulnerability is fixed. No additional mitigation steps are indicated by the vendor advisory. Patch status is not explicitly confirmed in the advisory, but the affected version indicates the fix is included in 150.0.7871.47.
Technical Details
- Data Version: 5.2
- Assigner Short Name: Chrome
- Date Reserved: 2026-06-29T23:03:27.222Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html (vendor: Google)
Threat ID: 6a444c1427e9c7971985c95f
Added to database: 06/30/2026, 23:07:00 UTC
Last enriched: 07/01/2026, 00:51:22 UTC
Last updated: 07/01/2026, 00:51:22 UTC