CVE-2026-13845
Google · Chrome
A use-after-free vulnerability in the Document Object Model (DOM) of Google Chrome allows for potential memory corruption and arbitrary code execution.
Executive summary
A high-severity use-after-free vulnerability within the DOM component of Google Chrome creates a substantial risk of memory corruption and potential system compromise.
Vulnerability
This vulnerability is a use-after-free error within the DOM implementation of the Chrome browser. An unauthenticated attacker could trigger this issue by enticing a user to navigate to a malicious website, causing the browser to execute arbitrary code.
Business impact
The DOM is a core component of web rendering, and its compromise can lead to complete browser subversion. A CVSS score of 8.8 reflects the high probability of successful exploitation and the severe impact on confidentiality, integrity, and availability of the affected host system.
Remediation
Immediate Action: Update all Google Chrome installations to version 150 or later to ensure the DOM component is protected against this flaw.
Proactive Monitoring: Implement browser-based security policies and use EDR tools to monitor for suspicious process execution patterns originating from the browser.
Compensating Controls: Leverage web content filtering solutions to block access to known malicious or high-risk domains that may attempt to exploit browser vulnerabilities.
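One way to verify the Immediate Action across a fleet, as an added example that is not part of the original advisory: it reads a software-inventory CSV export and sorts hosts by whether their Chrome major version meets the fixed version 150. The column names (`host`, `chrome_version`), hostnames and version strings are constructed assumptions.

```python
import csv
import io

FIXED_MAJOR = 150  # first fixed major version, per the Remediation section

# Constructed sample inventory export; hostnames and version strings are made up.
SAMPLE_INVENTORY = """host,chrome_version
ws-001,150.0.1.2
ws-002,149.9.9.9
ws-003,
ws-004,151.0.0.1
ws-005,Version 148.0.3.4 (Official Build)
ws-006,not-installed
"""


def chrome_major(version_text):
    """Return the major version as an int, or None if it cannot be parsed."""
    for token in version_text.split():
        head = token.split(".", 1)[0]
        # Require a dotted token so stray numbers in the field are not
        # mistaken for a version.
        if "." in token and head.isascii() and head.isdigit():
            return int(head)
    return None


def audit(inventory_csv, fixed_major=FIXED_MAJOR):
    """Split hosts into patched, vulnerable, and unknown (needs follow-up)."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = (row.get("host") or "").strip()
        major = chrome_major(row.get("chrome_version") or "")
        if major is None:
            # Empty or unparseable values are not assumed to be safe.
            result["unknown"].append(host)
        elif major < fixed_major:
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    for status in ("vulnerable", "unknown", "patched"):
        print(f"{status}: {', '.join(report[status]) or '-'}")
```

Hosts reported as `unknown` have no usable version data and should be checked by hand rather than counted as patched.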
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the fundamental nature of the DOM, this vulnerability represents a significant attack surface for any user browsing the web. Organizations must ensure that the update to version 150 is applied across all workstations to mitigate the risk of remote exploitation and maintain a secure computing posture.