CVE-2026-14431
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
A type confusion vulnerability in the V8 engine of Google Chrome prior to version 150.0.7871.46 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The issue is rated as high severity.
Risk Assessment
An attacker can remotely execute arbitrary code within the browser's sandbox, potentially leading to session takeover, data theft, or further privilege escalation.
Recommendation
Immediately update Google Chrome to version 150.0.7871.46 or later. Users should also consider enabling automatic updates.
Original NVD description (English source)
Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

