CVE Catalog

CVE-2026-14119

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

A type confusion vulnerability in Bluetooth within Google Chrome on Windows (prior to version 150.0.7871.47) allows an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. The issue is rated as Low severity by the Chromium team.

Risk Assessment

An attacker on the same local network can exploit this vulnerability to read portions of browser memory, potentially leaking sensitive data such as passwords or session tokens, but requires physical presence of a malicious Bluetooth device.

Recommendation

Immediately update Google Chrome on Windows systems to version 150.0.7871.47 or later. Restrict local network access for untrusted Bluetooth devices.

Original NVD description (English source)

Type Confusion in Bluetooth in Google Chrome on Windows prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS