CVE Catalog

CVE-2026-14424

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

A use-after-free vulnerability exists in the Dawn component of Google Chrome on Mac prior to version 150.0.7871.46. A remote attacker could exploit a crafted HTML page to potentially achieve a sandbox escape.

Risk Assessment

The risk for the organization is the potential for an attacker to gain control of the browser process and bypass sandbox restrictions, leading to arbitrary code execution in the user's context.

Recommendation

Immediately update Google Chrome to version 150.0.7871.46 or later on all Mac systems within the organization.

Original NVD description (English source)

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS