Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2637 articles · 174653 vulns · 37/41 feeds (7d)
← Back to list
7.8
CVE-2026-13778EXPLOITEDPATCHED
google · chrome

CVE-2026-13778: Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary co

Description

Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical)

Affected Products

VendorProductVersions
googlechrome150.0.7871.47

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
applemacoscve_cpe95%
googlechromecert_advisory90%

References

  • https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html
  • https://issues.chromium.org/issues/513167952

Related News (4 articles)

Tier A
Microsoft MSRC1d ago
Chromium: CVE-2026-13778 Use after free in WebUSB
→ No new info (linked only)
Tier B
CERT-FR11d ago
Multiples vulnérabilités dans Google Chrome (02 juillet 2026)
→ No new info (linked only)
Tier B
BSI Advisories11d ago
[NEU] [hoch] Google Chrome: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
→ No new info (linked only)
Tier C
VulDB12d ago
CVE-2026-13778 | Google Chrome up to 149.0.7827.201 on macOS WebUSB use after free (ID 513167)
→ No new info (linked only)
CVSS 3.17.8 HIGH
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
150.0.7871.47
CWECWE-416
PublishedJun 30, 2026
Last enriched1d agov3
Trending Score60
Source articles4
Independent4
Info Completeness10/14
Missing: epss, kev, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-13852EXP
CVE-2026-13852: Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed
Trending: 65
CRITICALCVE-2026-13872EXP
CVE-2026-13872: Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed
Trending: 65
CRITICALCVE-2026-13851EXP
CVE-2026-13851: Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed
Trending: 65
CRITICALCVE-2026-13785EXP
CVE-2026-13785: Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a use
Trending: 63
HIGHCVE-2026-13788EXP
CVE-2026-13788: Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arb
Trending: 60

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 30, 2026
Discovered by ZDM
Jun 30, 2026
Updated: affectedVersions, severity, activelyExploited
Jul 1, 2026
Actively Exploited
Jul 2, 2026
Exploit Available
Jul 2, 2026
Patch Available
Jul 2, 2026
Updated: exploitAvailable
Jul 11, 2026

Version History

v3
Last enriched 1d ago
v3Tier A1d ago

Updated vendor to Microsoft and added that the exploit is now available in Microsoft Edge.

exploitAvailable
via Microsoft MSRC
v2Tier C11d ago

Updated affected versions to include 149.0.7827.201, changed severity to CRITICAL, and noted that the exploit is actively exploited.

affectedVersionsseverityactivelyExploited
via VulDB
v112d ago

Initial creation