CVE Catalog

CVE-2026-14090

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. The vulnerability has a low severity rating.

Risk Assessment

The risk for the organization involves potential leakage of sensitive data from browser memory, which could lead to disclosure of confidential information. Although low severity, in a ChromeOS environment it could be leveraged for further attacks.

Recommendation

It is recommended to immediately update Google Chrome on ChromeOS to version 150.0.7871.47 or later. Additionally, consider restricting access to untrusted HTML pages in the corporate environment.

Original NVD description (English source)

Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS