CVE Catalog

CVE-2026-14032

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

A use-after-free vulnerability was found in the Bluetooth component of Google Chrome on Mac prior to version 150.0.7871.47. An attacker who convinced a user to install a malicious extension could exploit this vulnerability to execute arbitrary code via a crafted Chrome Extension.

Risk Assessment

The risk for the organization is the potential for remote code execution by an attacker after a malicious extension is installed, which could lead to system compromise and data theft.

Recommendation

It is recommended to immediately update Google Chrome on all Mac computers to version 150.0.7871.47 or later and restrict users' ability to install extensions.

Original NVD description (English source)

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS