CVE-2026-13974 Overview
CVE-2026-13974 is an integer overflow vulnerability [CWE-472] in the Safe Browsing component of Google Chrome on macOS. The flaw affects Chrome versions prior to 150.0.7871.47. A remote attacker can bypass navigation restrictions by delivering a malicious file to a target user. Exploitation requires user interaction, such as opening or downloading a crafted file through the browser.
Google rated the Chromium security severity as Medium. The National Vulnerability Database assigned a CVSS 3.1 base score of 8.1, reflecting high integrity and availability impact once user interaction occurs.
Critical Impact
Attackers can bypass Safe Browsing navigation restrictions, allowing malicious files to reach users without triggering standard Chrome protections on macOS.
Affected Products
- Google Chrome for macOS versions prior to 150.0.7871.47
- Apple macOS platforms running vulnerable Chrome builds
- Chromium-based navigation and Safe Browsing subsystems on macOS
Discovery Timeline
- 2026-06-30 - CVE-2026-13974 published to NVD
- 2026-07-02 - Last updated in NVD database
Technical Details for CVE-2026-13974
Vulnerability Analysis
The vulnerability resides in Chrome's Safe Browsing service on macOS. Safe Browsing evaluates navigation targets and downloaded files against reputation and policy checks before allowing user interaction. An integer overflow inside this evaluation path corrupts a length or size calculation. The corrupted value causes Safe Browsing to misclassify or skip evaluation of a malicious file.
The result is a bypass of navigation restrictions. A file that Safe Browsing should block instead reaches the user. This weakens a control layer that many enterprises rely on for endpoint hardening.
The attack vector is network-based and does not require authentication. User interaction is required, typically clicking a link or handling a file delivered through the browser. Successful exploitation delivers high integrity and availability impact without compromising confidentiality.
Root Cause
The root cause is an integer overflow [CWE-472] in operand handling within Safe Browsing on the macOS build of Chrome. Arithmetic on an attacker-influenced size wraps around expected bounds. The overflow bypasses the file-handling checks that Safe Browsing performs before allowing navigation to proceed.
Attack Vector
An attacker hosts or delivers a crafted file whose properties trigger the arithmetic overflow during Safe Browsing evaluation. The victim navigates to the malicious resource in Chrome on macOS. Safe Browsing fails to enforce the expected navigation restriction. The file reaches the user, enabling downstream payload execution or further social engineering.
The vulnerability manifests inside Chromium's Safe Browsing pipeline on macOS. See the Chromium Issue Tracker Entry and the Google Chrome Update Advisory for technical context.
Detection Methods for CVE-2026-13974
Indicators of Compromise
- Chrome downloads on macOS endpoints that skipped Safe Browsing verdicts despite matching known-bad reputation categories.
- Unexpected file writes into ~/Downloads originating from Chrome renderer or browser processes running versions prior to 150.0.7871.47.
- Outbound connections from Chrome to newly registered or low-reputation domains immediately preceding user file execution.
Detection Strategies
- Inventory installed Chrome versions across macOS fleets and flag any build below 150.0.7871.47.
- Correlate Safe Browsing telemetry with EDR file-write events to identify downloads that bypassed browser-level checks.
- Hunt for macOS process trees where Chrome spawns or hands off newly downloaded executables, disk images, or scripts.
Monitoring Recommendations
- Alert on execution of files downloaded by Chrome within short time windows after retrieval on macOS hosts.
- Track Chrome auto-update status through MDM and generate alerts when clients remain on outdated versions.
- Monitor DNS and TLS logs for connections to domains hosting attachments that match known malicious file signatures.
How to Mitigate CVE-2026-13974
Immediate Actions Required
- Update Google Chrome on all macOS endpoints to version 150.0.7871.47 or later.
- Verify auto-update is enabled and functioning; force a relaunch to apply the fix on active sessions.
- Audit macOS endpoints through MDM to confirm the patched version is deployed across the fleet.
Patch Information
Google addressed CVE-2026-13974 in the Stable channel update for desktop referenced in the Google Chrome Update Advisory. Chrome versions 150.0.7871.47 and later contain the fix on macOS. There is no vendor-provided configuration workaround; patching is the supported remediation path.
Workarounds
- Restrict browser downloads of high-risk file types at the network gateway until patching is complete.
- Enforce application allowlisting on macOS to prevent execution of untrusted files delivered through the browser.
- Route Chrome traffic through a secure web gateway that performs independent file reputation and sandboxing checks.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

