CVE Catalog

CVE-2026-14405

Critical · CVSS 9.6

Exploitation Probability (EPSS)

Low risk
0.31%

22nd percentile (higher than 22% of all known CVEs)

Summary

Google Chrome prior to version 150.0.7871.46 contains an uninitialized use vulnerability in the V8 engine. A remote attacker can use a crafted HTML page to execute arbitrary code inside a sandbox.

Risk Assessment

The risk to the organization is remote code execution by an attacker, which could compromise system confidentiality, integrity, or availability, albeit limited to the sandbox environment.

Recommendation

It is recommended to immediately update Google Chrome to version 150.0.7871.46 or later, which addresses this vulnerability.

Original NVD description (English source)

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS