CVE-2026-14087
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
A heap buffer overflow vulnerability was found in the WebNN component of Google Chrome on Windows prior to version 150.0.7871.47. A remote attacker who had compromised the renderer process could potentially exploit heap corruption via a crafted HTML page.
Risk Assessment
The risk for the organization is the potential for remote code execution or system destabilization by an attacker who has already compromised the browser's renderer process. This could lead to data leakage or further privilege escalation in the user's environment.
Recommendation
It is recommended to immediately update Google Chrome to version 150.0.7871.47 or later on all Windows systems. Additionally, consider restricting renderer process privileges and implementing safe browsing policies.
Original NVD description (English source)
Heap buffer overflow in WebNN in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

