Description
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from insufficient policy enforcement for extensions in Google Chrome. An attacker who has already compromised the renderer process can exploit this weakness to elevate privileges beyond the normal extension sandbox, potentially gaining the same rights as the logged‑in user. This escalated access can be used to install malware, read sensitive data, or modify system settings. The weakness corresponds to CWE‑20 (Improper Input Validation) and is listed as high severity by Chromium.

Affected Systems

Affected versions are Google Chrome releases before 150.0.7871.47. All desktop builds of Chrome prior to that version are susceptible. The fix is included in Chrome 150.0.7871.47 and later.

Risk and Exploitability

The current EPSS score is not available, and the vulnerability is not listed in CISA KEV. The documented severity is high, indicating substantial impact if the vulnerability is exploited. The attack requires that the attacker first gain access to the renderer process, which may be achieved through compromised web content or other methods. After that, the attacker can serve a crafted HTML page to trigger the privilege escalation. Therefore, the risk level is considered significant for users running affected versions.

Generated by OpenCVE AI on July 1, 2026 at 01:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome to version 150.0.7871.47 or later to apply the patch.
  • Disable or remove any non‑essential or untrusted extensions to reduce risk.
  • Enable Chrome's integrity checks and set the browser to enforce strict extension permissions.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:15:00 +0000

Type: Title
Values Removed: (none)
Values Added: Insufficient Extension Policy Enforcement Allows Privilege Escalation in Chrome

Tue, 30 Jun 2026 23:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-20

Type: References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:46.703Z

Reserved: 2026-06-29T23:03:26.736Z

Link: CVE-2026-13824

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:00:07Z

Weaknesses
  • CWE-20: Improper Input Validation