CVE-2026-14032
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
A use-after-free vulnerability was found in the Bluetooth component of Google Chrome on Mac prior to version 150.0.7871.47. An attacker who convinced a user to install a malicious extension could exploit this vulnerability to execute arbitrary code via a crafted Chrome Extension.
Risk Assessment
The risk for the organization is the potential for remote code execution by an attacker after a malicious extension is installed, which could lead to system compromise and data theft.
Recommendation
It is recommended to immediately update Google Chrome on all Mac computers to version 150.0.7871.47 or later and restrict users' ability to install extensions.
Original NVD description (English source)
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)

