Google Chrome before version 150.0.7871.47 contains CVE-2026-13898, a use-after-free flaw in the browser’s Cast Receiver component that can let a remote attacker run code inside Chrome’s sandbox through a crafted HTML page. That is the dry registry wording; the practical story is messier and...