CVE-2026-14406
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
An out-of-bounds read vulnerability in V8 in Google Chrome prior to 150.0.7871.46 allows an attacker to convince a user to install a malicious extension, potentially leaking sensitive information from process memory.
Risk Assessment
The risk involves potential exposure of confidential data such as passwords, keys, or other information stored in browser memory through a malicious extension.
Recommendation
Immediately update Google Chrome to version 150.0.7871.46 or later and restrict extension installations to trusted sources only.
Original NVD description (English source)
Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)

