CVE-2026-13851: Insufficient validation of untrusted input in Google Chrome
CVE-2026-13851 is a high-severity vulnerability in Google Chrome on Android prior to version 150.0.7871.47. It involves insufficient validation of untrusted input in the WebAppInstalls component, allowing a local attacker to bypass discretionary access controls via a crafted HTML page. This vulnerability could enable unauthorized actions within the affected browser environment.
AI Analysis
Technical Summary
This vulnerability arises from insufficient validation of untrusted input in the WebAppInstalls feature of Google Chrome on Android versions before 150.0.7871.47. A local attacker can exploit this by crafting a malicious HTML page that bypasses discretionary access control mechanisms, potentially leading to unauthorized access or actions within the browser context. The issue has been publicly disclosed but lacks a CVSS score and explicit remediation level in the provided data. The vendor advisory link is available but does not explicitly confirm patch availability or remediation status.
Potential Impact
Successful exploitation allows a local attacker to bypass discretionary access control in the affected Chrome browser on Android, potentially leading to unauthorized actions or access within the browser environment. The severity is classified as high by Chromium security standards. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html for current remediation guidance. Users and administrators should monitor official Google Chrome release notes for updates addressing this vulnerability. Until a fix is confirmed, avoid opening untrusted HTML content locally on affected Chrome versions.
CVE-2026-13851: Insufficient validation of untrusted input in Google Chrome
Description
CVE-2026-13851 is a high-severity vulnerability in Google Chrome on Android prior to version 150.0.7871.47. It involves insufficient validation of untrusted input in the WebAppInstalls component, allowing a local attacker to bypass discretionary access controls via a crafted HTML page. This vulnerability could enable unauthorized actions within the affected browser environment.
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from insufficient validation of untrusted input in the WebAppInstalls feature of Google Chrome on Android versions before 150.0.7871.47. A local attacker can exploit this by crafting a malicious HTML page that bypasses discretionary access control mechanisms, potentially leading to unauthorized access or actions within the browser context. The issue has been publicly disclosed but lacks a CVSS score and explicit remediation level in the provided data. The vendor advisory link is available but does not explicitly confirm patch availability or remediation status.
Potential Impact
Successful exploitation allows a local attacker to bypass discretionary access control in the affected Chrome browser on Android, potentially leading to unauthorized actions or access within the browser environment. The severity is classified as high by Chromium security standards. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html for current remediation guidance. Users and administrators should monitor official Google Chrome release notes for updates addressing this vulnerability. Until a fix is confirmed, avoid opening untrusted HTML content locally on affected Chrome versions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-06-29T23:03:33.480Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html","vendor":"Google"}]
Threat ID: 6a444c1727e9c7971985ca89
Added to database: 06/30/2026, 23:07:03 UTC
Last enriched: 07/01/2026, 00:06:15 UTC
Last updated: 07/01/2026, 01:14:29 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.