CVE-2026-14103
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
A use-after-free vulnerability exists in the SSL component of Google Chrome on ChromeOS prior to version 150.0.7871.47. A remote attacker can exploit a crafted HTML page to obtain potentially sensitive information from process memory.
Risk Assessment
The risk for the organization is the potential leakage of confidential data from browser memory, which could lead to exposure of passwords, encryption keys, or other business secrets.
Recommendation
It is recommended to immediately update Google Chrome on ChromeOS to version 150.0.7871.47 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Use after free in SSL in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

