CVE Catalog

CVE-2026-14103

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

A use-after-free vulnerability exists in the SSL component of Google Chrome on ChromeOS prior to version 150.0.7871.47. A remote attacker can exploit a crafted HTML page to obtain potentially sensitive information from process memory.

Risk Assessment

The risk for the organization is the potential leakage of confidential data from browser memory, which could lead to exposure of passwords, encryption keys, or other business secrets.

Recommendation

It is recommended to immediately update Google Chrome on ChromeOS to version 150.0.7871.47 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Use after free in SSL in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS