Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2631 articles · 174640 vulns · 37/41 feeds (7d)
← Back to list
9.6
CVE-2026-13785EXPLOITEDPATCHED
google · chrome

CVE-2026-13785: Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a use

Description

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Affected Products

VendorProductVersions
googlechrome150.0.7871.47

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
applemacoscve_cpe95%
googlechromecert_advisory90%

References

  • https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html
  • https://issues.chromium.org/issues/517021684

Related News (4 articles)

Tier A
Microsoft MSRC1d ago
Chromium: CVE-2026-13785 Use after free in Bluetooth
→ No new info (linked only)
Tier B
CERT-FR11d ago
Multiples vulnérabilités dans Google Chrome (02 juillet 2026)
→ No new info (linked only)
Tier B
BSI Advisories11d ago
[NEU] [hoch] Google Chrome: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
→ No new info (linked only)
Tier C
VulDB11d ago
CVE-2026-13785 | Google Chrome up to 149.0.7827.201 on macOS Bluetooth use after free (ID 517021)
→ No new info (linked only)
CVSS 3.19.6 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
150.0.7871.47
CWECWE-416
PublishedJun 30, 2026
Last enriched1d agov3
Trending Score63
Source articles4
Independent4
Info Completeness10/14
Missing: epss, kev, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-13852EXP
CVE-2026-13852: Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed
Trending: 65
CRITICALCVE-2026-13872EXP
CVE-2026-13872: Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed
Trending: 65
CRITICALCVE-2026-13851EXP
CVE-2026-13851: Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed
Trending: 65
HIGHCVE-2026-13778EXP
CVE-2026-13778: Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary co
Trending: 60
HIGHCVE-2026-13788EXP
CVE-2026-13788: Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arb
Trending: 60

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 30, 2026
Discovered by ZDM
Jun 30, 2026
Updated: affectedVersions, severity
Jul 1, 2026
Actively Exploited
Jul 2, 2026
Exploit Available
Jul 2, 2026
Patch Available
Jul 2, 2026
Updated: exploitAvailable, activelyExploited
Jul 11, 2026

Version History

v3
Last enriched 1d ago
v3Tier A1d ago

Updated vendor to Microsoft, added product Edge, and marked exploit as available and actively exploited.

exploitAvailableactivelyExploited
via Microsoft MSRC
v2Tier C11d ago

Updated affected versions to include 149.0.7827.201 and changed severity to CRITICAL.

affectedVersionsseverity
via VulDB
v112d ago

Initial creation