CVE-2026-14043: Use after free in GetUserMedia in Google Chrome prior to 150
Use after free in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Metrics
- CVSS v3.1: 9.6
- Severity: CRITICAL
- Fixed in: 150.0.7871.47
- Affected Products: 1
HarborGuard Analysis
Synopsis
A use-after-free vulnerability in the GetUserMedia component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page. The vulnerability is reachable over the network and requires the victim to visit a malicious page, but no authentication is needed. Successful exploitation gives the attacker code execution outside the sandbox, with high impact to confidentiality, integrity, and availability. Note that Chromium's own severity rating for this bug is Low, whereas the CVSS 9.6 score rates it Critical. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version of Chrome.
HarborGuard Coverage
- Available: Detection of CVE-2026-14043 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium runtime.
- Available: HarborGuard scores this CVE at CVSS 9.6 (Critical) and weights findings against each environment's compliance policy to determine urgency; triage results are routed to the appropriate team inbox within each customer organization based on configured ownership rules.
- Available: A patched-image rebuild at Chrome 150.0.7871.47 becomes available through HarborGuard once an affected image is identified; for customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker delivers the exploit over the network by luring the victim to a crafted HTML page served from a remote host.
- Authentication: Not required
No account or credentials are needed; the attack works against any unauthenticated browser session.
- Victim interaction: Required
The victim must visit a crafted HTML page, making social engineering (phishing link, malicious ad, or redirected URL) a necessary part of the attack chain.
- Attack complexity: Low
Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental prerequisites beyond an already-compromised renderer process.
Blast Radius
- A successful sandbox escape lets the attacker execute arbitrary code at the privilege level of the Chrome process on the host, breaking out of the browser's isolation boundary.
- The attacker can read sensitive data accessible to the Chrome process, including stored credentials, session cookies, and files the browser user can access on disk.
- The attacker can modify local files, browser profile data, or system configuration within the reach of the Chrome process user account.
- The attacker can crash or destabilize the browser or trigger denial-of-service conditions on the host process.
How HarborGuard Handles This
Available on HarborGuard: any image containing a Chrome or Chromium runtime below version 150.0.7871.47 is flagged at Critical severity within minutes of the CVE entering the upstream feed. For customers with auto-remediation enabled, HarborGuard rebuilds the image at the patched version (150.0.7871.47), runs a regression test suite, and opens a pull request against affected workloads; the median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in environments with auto-remediation active. For customers who manage patching manually, the finding appears immediately in the HarborGuard dashboard with remediation guidance pointing to the fix version. Where compliance policy restricts auto-remediation, compensating controls such as network-policy isolation of workloads running Chrome or blocking untrusted external URLs at the egress layer are surfaced as interim recommendations until the patched image is promoted.
Fix available
- Google / Chrome: affected < 150.0.7871.47, fixed in 150.0.7871.47
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H