[UPDATE] [high] Google Chrome: Multiple vulnerabilities
A remote, anonymous attacker can exploit multiple vulnerabilities in Google Chrome to execute arbitrary code, cause a denial of service, or bypass security measures.
CSIRTS triage
- What
- Multiple vulnerabilities in Google Chrome allow a remote, anonymous attacker to execute arbitrary code, cause denial of service, or bypass security measures.
- Who is affected
- Users of Google Chrome are affected by these vulnerabilities.
- Urgency
- Remediation is high priority due to the high severity and potential for exploitation by remote attackers.
- Action
- Update Google Chrome to the latest version to mitigate these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Chrome
Get an email when a new Chrome advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2092
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-132810.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
- Low exploitation riskCVE-2026-132820.11% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 2% of all scored CVEs.
- Low exploitation riskCVE-2026-132830.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-13281 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13282 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13283 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownDSA-6378-1 chromium - security updatedebian
- unknownGoogle Chrome Multiple Vulnerabilitieshkcert
- unknownMultiple vulnerabilities in Google Chrome (June 26, 2026)cert-fr-avis
- highCVE-2026-13283: Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remot…nvd
- mediumCVE-2026-13282: Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local…nvd
- highCVE-2026-13281: Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker wh…nvd
Recent advisories for Google Chrome
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownGoogle Chrome security advisory (AV26-679)cccs · 2026-07-09
- high[NEW] [high] Google Chrome: Multiple vulnerabilitiescert-bund · 2026-07-09
- high[UPDATE] [high] Google Chrome: Multiple vulnerabilities allow unspecified attackcert-bund · 2026-07-09
- unknownGoogle Chrome Multiple Vulnerabilitieshkcert · 2026-07-09
- unknownMultiple vulnerabilities in Google Chrome (July 09, 2026)cert-fr-avis · 2026-07-09
- highCVE-2026-15133: Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote att…nvd · 2026-07-08
More from CERT-Bund (BSI) Security Advisories
- medium[NEW] [medium] DENX U-Boot: Multiple vulnerabilities allow execution of arbitrary code and DoS2026-07-10
- medium[NEW] [medium] Samsung Android: Multiple vulnerabilities2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow unspecified attack2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10