CVE-2026-13283 - Vulnerability Details

Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Google	Chrome

No data.

References

Link	Providers
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01245939337.html
https://issues.chromium.org/issues/522561151

History

Fri, 26 Jun 2026 15:00:00 +0000

Type	Values Removed	Values Added
Title	AdFilter Use-after-Free Allows Remote Code Execution in Chrome for Android

Fri, 26 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 26 Jun 2026 03:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Vendors & Products		Google Google chrome

Fri, 26 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Title		AdFilter Use-after-Free Allows Remote Code Execution in Chrome for Android

Thu, 25 Jun 2026 22:00:00 +0000

Type	Values Removed	Values Added
Description		Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Weaknesses		CWE-416
References		https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01245939337.html https://issues.chromium.org/issues/522561151

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2026-06-25T21:51:34.243Z

Updated: 2026-06-27T03:55:24.688Z

Reserved: 2026-06-24T21:53:14.107Z

Link: CVE-2026-13283

Vulnrichment

Updated: 2026-06-26T12:43:32.548Z

NVD

No data.

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object