CVE-2026-14407
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
An inappropriate implementation in the V8 engine of Google Chrome prior to version 150.0.7871.46 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The vulnerability stems from a flaw in the V8 component.
Risk Assessment
A remote attacker can execute arbitrary code within the browser sandbox, potentially leading to data compromise or further privilege escalation.
Recommendation
Immediately update Google Chrome to version 150.0.7871.46 or later. Ensure update policies cover all browser instances in the organization.
Original NVD description (English source)
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

