CVE-2026-14111
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
A use-after-free vulnerability exists in WebProtect in Google Chrome prior to version 150.0.7871.47. An attacker who convinces a user to install a malicious extension can exploit this to execute arbitrary code via a crafted Chrome Extension.
Risk Assessment
The risk involves potential remote code execution within the browser context, which could lead to session hijacking, data theft, or further attack escalation within the organization's IT environment.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later, and educate users to install only trusted extensions.
Original NVD description (English source)
Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)

