CVE Catalog

CVE-2026-14009

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

17th percentile — higher than 17% of all known CVEs

Summary

An inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Risk Assessment

A remote attacker could cause memory corruption, potentially leading to browser crashes or arbitrary code execution in the user's context.

Recommendation

Update Google Chrome to version 150.0.7871.47 or later immediately, which includes a fix for this vulnerability.

Original NVD description (English source)

Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS