CVE Catalog

CVE-2026-14431

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile — higher than 19% of all known CVEs

Summary

A type confusion vulnerability in the V8 engine of Google Chrome prior to version 150.0.7871.46 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The issue is rated as high severity.

Risk Assessment

An attacker can remotely execute arbitrary code within the browser's sandbox, potentially leading to session takeover, data theft, or further privilege escalation.

Recommendation

Immediately update Google Chrome to version 150.0.7871.46 or later. Users should also consider enabling automatic updates.

Original NVD description (English source)

Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS