CVE Catalog

CVE-2026-14040

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

A use-after-free vulnerability was found in BrowserTag in Google Chrome prior to 150.0.7871.47. An attacker who convinced a user to install a malicious extension could potentially exploit heap corruption via a crafted Chrome Extension.

Risk Assessment

The risk for the organization includes potential remote code execution or browser destabilization through a malicious extension, which could lead to data leakage or session takeover.

Recommendation

It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later and restrict extension installations to trusted sources only.

Original NVD description (English source)

Use after free in BrowserTag in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS