Description
Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient validation of untrusted input in Google Chrome Enterprise before version 150.0.7871.47 allows a remote attacker to achieve privilege escalation via a crafted HTML page. The weakness is classified as CWE-20 (Improper Input Validation), which can lead to escalated privileges. The impact extends beyond a single process, potentially enabling an attacker to gain elevated rights on the affected system.

Affected Systems

Products affected include Google Chrome Enterprise. Any installation of Chrome Enterprise prior to the stable channel release 150.0.7871.47 is vulnerable. No specific sub‑version range beyond that cut‑off is indicated.

Risk and Exploitability

The advisory indicates a medium severity level. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known large‑scale exploitation yet. The likely attack vector is a remote attacker delivering a malicious HTML page that the vulnerable browser processes without adequate validation. Exploitation requires the victim to open or process the page; with no mitigation in place, any such exposure could lead to full privilege elevation on the target machine.

Generated by OpenCVE AI on July 1, 2026 at 02:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome Enterprise to version 150.0.7871.47 or later, which contains the fixed input validation logic.
  • If an immediate upgrade is not possible, restrict the execution or rendering of externally supplied HTML content through organizational policies or sandboxed environments to limit exposure to malicious input.
  • Monitor Chrome update channels and keep the browser in the latest stable release to ensure the underlying vulnerability is patched as new updates roll out.



Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:15:00 +0000

Type | Values Removed | Values Added
Title | | Privilege Escalation via Untrusted HTML Input in Chrome Enterprise

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses | | CWE-20
References | |


MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:24.718Z

Reserved: 2026-06-29T23:03:54.354Z

Link: CVE-2026-13928

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T03:00:12Z

Weaknesses
  • CWE-20

    Improper Input Validation