CVE Catalog

CVE-2026-14012

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

A side-channel information leakage vulnerability in the CSS engine of Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Risk Assessment

The organization is at risk of confidential data leakage from browser memory, such as session tokens or cryptographic keys, potentially leading to user account compromise.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later. Ensure the update policy covers all workstations.

Original NVD description (English source)

Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS