CVE-2026-13903
Google · Chrome
Google Chrome contains a vulnerability involving insufficient policy enforcement within its Bluetooth implementation, potentially allowing for security bypasses.
Executive summary
A high-severity policy enforcement vulnerability in the Google Chrome Bluetooth component poses a significant risk of unauthorized access to local device resources.
Vulnerability
This vulnerability stems from insufficient policy enforcement within the browser's Bluetooth subsystem. The flaw allows an unauthenticated, remote attacker to potentially bypass security constraints related to Bluetooth device interactions.
Business impact
Successful exploitation of this flaw could allow unauthorized actors to interact with Bluetooth-enabled devices connected to the host machine, potentially leading to data exfiltration or unauthorized device control. With a CVSS score of 8.8, this vulnerability is categorized as High, necessitating rapid remediation to prevent compromise of endpoints within the enterprise environment.
Remediation
Immediate Action: Update all instances of Google Chrome to version 150 or later as soon as the update becomes available.
Proactive Monitoring: Review endpoint security logs for unusual Bluetooth-related activity or unexpected device pairing requests.
Compensating Controls: Utilize endpoint management software to restrict Bluetooth access where not required for business operations until patching is completed.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the High severity of this vulnerability, organizations should prioritize updating all Google Chrome installations across their fleet. Immediate patching is the most effective way to mitigate the risk of unauthorized Bluetooth interaction and should be treated as a high-priority maintenance task.