Skip to main content

Google Chrome CVE-2026-13900

| EUVDEUVD-2026-40586 MEDIUM
Improper Input Validation (CWE-20)
2026-06-30 chrome-cve-admin@google.com GHSA-4qhg-7v4f-qrrf
6.5
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
vuln.today AI
5.3 MEDIUM

AC:H reflects the explicit prerequisite of a pre-compromised renderer process; AV:N and UI:R retained as delivery is network-based via crafted HTML requiring user interaction.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 18:29 vuln.today
CVSS changed
Jul 01, 2026 - 18:22 NVD
6.5 (MEDIUM)
CVE Published
Jun 30, 2026 - 23:17 cve.org
MEDIUM 6.5
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Inappropriate implementation in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

AnalysisAI

Navigation restriction bypass in Google Chrome's Chromecast implementation (versions prior to 150.0.7871.47) allows a remote attacker who has already compromised the renderer process to circumvent navigation restrictions via a specially crafted HTML page. This is a post-compromise escalation primitive rather than a standalone entry point - the renderer must already be under attacker control, making this a link in an exploit chain rather than an initial access vector. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Exploit separate Chrome renderer RCE
Delivery
Achieve code execution in renderer process
Exploit
Deliver crafted HTML page to victim
Execution
Trigger Chromecast implementation flaw
Persist
Bypass browser navigation restrictions
Impact
Integrity impact via unauthorized navigation

Vulnerability AssessmentAI

Exploitation Exploitation requires that the attacker has already achieved code execution within the Chrome renderer process via a separate, independent vulnerability - this is an explicit prerequisite stated in the CVE description, not an inference. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The official CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, score 6.5) reflects a network-delivered attack with no privileges required and high integrity impact, but the description explicitly conditions exploitation on a pre-compromised renderer process - a non-trivial prerequisite that meaningfully raises the real-world bar above what AC:L implies. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker first exploits a separate, unpatched Chrome renderer vulnerability to achieve code execution within a Chrome renderer process on the target system. With that foothold established, they cause the victim's browser to load a crafted HTML page - potentially via an injected redirect or modified navigation - that triggers the Chromecast implementation flaw, bypassing navigation restrictions and enabling integrity violations such as cross-origin navigation or unauthorized content rendering that would otherwise be blocked by Chrome's browser-process enforcement.
Remediation Update Google Chrome to version 150.0.7871.47 or later immediately via the browser's built-in update mechanism (Settings > Help > About Google Chrome) or via enterprise deployment tooling. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-13900 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy