CVE Catalog

CVE-2026-14048

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A Use-After-Free vulnerability in the Chromecast component of Google Chrome prior to version 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral.

Risk Assessment

The risk involves potential leakage of sensitive data from browser memory by an attacker on the same local network, which could lead to exposure of passwords, tokens, or other secrets.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later, and consider local network segmentation to restrict access from unauthorized devices.

Original NVD description (English source)

Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS