CVE-2026-14040
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
A use-after-free vulnerability was found in BrowserTag in Google Chrome prior to 150.0.7871.47. An attacker who convinced a user to install a malicious extension could potentially exploit heap corruption via a crafted Chrome Extension.
Risk Assessment
The risk for the organization includes potential remote code execution or browser destabilization through a malicious extension, which could lead to data leakage or session takeover.
Recommendation
It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later and restrict extension installations to trusted sources only.
Original NVD description (English source)
Use after free in BrowserTag in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)

