CVE-2026-14398
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
A use-after-free vulnerability in ANGLE in Google Chrome prior to 150.0.7871.46 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Risk Assessment
Critical risk for the organization – successful exploitation may allow an attacker to bypass browser sandboxing and gain access to the underlying operating system, potentially leading to full workstation compromise.
Recommendation
Immediately update Google Chrome to version 150.0.7871.46 or later. Consider enforcing a policy to block untrusted HTML pages until the update is applied.
Original NVD description (English source)
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

