CVE Catalog

CVE-2026-14419

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

A use-after-free vulnerability in Skia in Google Chrome prior to 150.0.7871.46 allows a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Risk Assessment

This critical severity vulnerability enables an attacker to bypass browser sandbox protections, potentially leading to full system compromise.

Recommendation

Immediately update Google Chrome to version 150.0.7871.46 or later. Users should also consider enabling automatic updates.

Original NVD description (English source)

Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS