CVE Catalog

CVE-2026-14111

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile — higher than 22% of all known CVEs

Summary

A use-after-free vulnerability exists in WebProtect in Google Chrome prior to version 150.0.7871.47. An attacker who convinces a user to install a malicious extension can exploit this to execute arbitrary code via a crafted Chrome Extension.

Risk Assessment

The risk involves potential remote code execution within the browser context, which could lead to session hijacking, data theft, or further attack escalation within the organization's IT environment.

Recommendation

Immediately update Google Chrome to version 150.0.7871.47 or later, and educate users to install only trusted extensions.

Original NVD description (English source)

Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS