CVE-2026-14048
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A Use-After-Free vulnerability in the Chromecast component of Google Chrome prior to version 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral.
Risk Assessment
The risk involves potential leakage of sensitive data from browser memory by an attacker on the same local network, which could lead to exposure of passwords, tokens, or other secrets.
Recommendation
Immediately update Google Chrome to version 150.0.7871.47 or later, and consider local network segmentation to restrict access from unauthorized devices.
Original NVD description (English source)
Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)

