CVE Catalog

CVE-2026-14398

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

A use-after-free vulnerability in ANGLE in Google Chrome prior to 150.0.7871.46 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Risk Assessment

Critical risk for the organization – successful exploitation may allow an attacker to bypass browser sandboxing and gain access to the underlying operating system, potentially leading to full workstation compromise.

Recommendation

Immediately update Google Chrome to version 150.0.7871.46 or later. Consider enforcing a policy to block untrusted HTML pages until the update is applied.

Original NVD description (English source)

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS