CVE-2026-13849: Insufficient validation of untrusted input in Google Chrome
A vulnerability in Google Chrome on Windows prior to version 150.0.7871.47 involves insufficient validation of untrusted input in the Chromoting component. This flaw could allow a local attacker to potentially escape the sandbox by using a malicious file. The issue is classified with high severity by Chromium security. No CVSS score is provided, and no explicit patch status is confirmed in the input data.
AI Analysis
Technical Summary
CVE-2026-13849 is a high-severity vulnerability affecting Google Chrome on Windows versions before 150.0.7871.47. It arises from insufficient validation of untrusted input within the Chromoting feature, which could enable a local attacker to perform a sandbox escape via a crafted malicious file. The vulnerability was publicly disclosed on June 30, 2026. Although a vendor advisory URL is provided, it does not explicitly confirm patch availability or remediation status in the input data. No known exploits in the wild are reported.
Potential Impact
The vulnerability could allow a local attacker to escape the sandbox environment in Google Chrome on Windows, potentially leading to elevated privileges or unauthorized actions outside the browser sandbox. This could compromise the security boundaries intended to isolate Chrome processes.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html for current remediation guidance. Until official confirmation, users should apply updates promptly once available and avoid executing untrusted files related to Chromoting.
Technical Details
- Data Version: 5.2
- Assigner Short Name: Chrome
- Date Reserved: 2026-06-29T23:03:32.984Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html (vendor: Google)
Threat ID: 6a444c1727e9c7971985ca81
Added to database: 06/30/2026, 23:07:03 UTC
Last enriched: 07/01/2026, 00:06:24 UTC
Last updated: 07/01/2026, 00:06:24 UTC