CVE Catalog
CVE-2026-14009
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk0.25%
17th percentile — higher than 17% of all known CVEs
Summary
An inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Risk Assessment
A remote attacker could cause memory corruption, potentially leading to browser crashes or arbitrary code execution in the user's context.
Recommendation
Update Google Chrome to version 150.0.7871.47 or later immediately, which includes a fix for this vulnerability.
Original NVD description (English source)
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

