CVE Catalog

CVE-2026-14406

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

An out-of-bounds read vulnerability in V8 in Google Chrome prior to 150.0.7871.46 allows an attacker to convince a user to install a malicious extension, potentially leaking sensitive information from process memory.

Risk Assessment

The risk involves potential exposure of confidential data such as passwords, keys, or other information stored in browser memory through a malicious extension.

Recommendation

Immediately update Google Chrome to version 150.0.7871.46 or later and restrict extension installations to trusted sources only.

Original NVD description (English source)

Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS