CVE-2026-14018
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A use-after-free vulnerability was found in the Updater component of Google Chrome on Windows prior to version 150.0.7871.47. This flaw allows a local attacker to perform OS-level privilege escalation via a malicious file.
Risk Assessment
The organization is at risk of a local user gaining administrative privileges and executing arbitrary code, potentially leading to full system compromise.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later on all Windows workstations.
Original NVD description (English source)
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium)

