CVE-2026-14090
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. The vulnerability has a low severity rating.
Risk Assessment
The risk for the organization involves potential leakage of sensitive data from browser memory, which could lead to disclosure of confidential information. Although low severity, in a ChromeOS environment it could be leveraged for further attacks.
Recommendation
It is recommended to immediately update Google Chrome on ChromeOS to version 150.0.7871.47 or later. Additionally, consider restricting access to untrusted HTML pages in the corporate environment.
Original NVD description (English source)
Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)

