CVE-2026-14405
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
In Google Chrome prior to version 150.0.7871.46, an uninitialized use vulnerability exists in the V8 engine. A remote attacker can exploit a crafted HTML page to execute arbitrary code within a sandbox.
Risk Assessment
The risk for the organization is the potential for remote code execution by an attacker, which could compromise system confidentiality, integrity, or availability, albeit limited to the sandbox environment.
Recommendation
It is recommended to immediately update Google Chrome to version 150.0.7871.46 or later, which addresses this vulnerability.
Original NVD description (English source)
Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

