CVE Catalog

CVE-2026-14383

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

An inappropriate implementation in the V8 engine of Google Chrome prior to version 150.0.7871.46 allows a remote attacker to execute arbitrary code within a sandbox via a crafted HTML page. The vulnerability stems from a flaw in the V8 component.

Risk Assessment

An attacker could exploit this vulnerability to execute malicious code within the sandboxed environment, potentially leading to data compromise or further privilege escalation on the system.

Recommendation

Immediately update Google Chrome to version 150.0.7871.46 or later. Ensure that the update policy covers all user workstations.

Original NVD description (English source)

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS