CVE Catalog

CVE-2026-14149

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

23th percentile — higher than 23% of all known CVEs

Summary

A Use-After-Free vulnerability in the Audio component of Google Chrome on Linux prior to version 150.0.7871.47 allows a remote attacker to execute arbitrary code via a crafted HTML page. The issue is rated as Low severity by the Chromium security team.

Risk Assessment

An attacker can remotely execute arbitrary code on the victim's machine, potentially leading to system compromise, data theft, or malware installation.

Recommendation

Immediately update Google Chrome on Linux to version 150.0.7871.47 or later. Ensure automatic updates are enabled.

Original NVD description (English source)

Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS