CVE-2026-13959
N/AInsufficient validation of untrusted input in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
NO EXPLOITATION SIGNALS
No known exploitation, public exploit, or elevated probability at this time. Track for changes.
Exploitation likelihood
0.2%chance of exploitation in 30 days · 13th percentile
○ In CISA KEV
○ Public exploit / PoC
Impact if exploited
—CVSS · not scored
- No impact metrics
Weakness (CWE)
- CWE-20: Improper input validation
CVSS vector
Not yet scored.