CVE-2026-14083
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Risk Assessment
An attacker could exploit this vulnerability to perform a Universal XSS attack, potentially leading to session data theft, page content modification, or unauthorized actions in the context of the victim's browser.
Recommendation
Update Google Chrome to version 150.0.7871.47 or later immediately to mitigate this vulnerability.
Original NVD description (English source)
Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

