CRITICAL | CVE-2026-14044 | CNA: Chrome

CVE-2026-14044: Use after free in ANGLE in Google Chrome prior to 150

Use after free in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Metrics

CVSS v3.1: 9.6
Severity: CRITICAL
Fixed in: 150.0.7871.47
Affected Products: 1


HarborGuard Analysis

Synopsis

Use-after-free in ANGLE (the graphics layer inside Google Chrome) allows a remote attacker who has already compromised the Chrome renderer process to escape the browser sandbox via a crafted HTML page. The vulnerability is reachable over the network and requires no authentication, though it does require the victim to visit a malicious page; successful exploitation gives the attacker full read, write, and crash capabilities beyond the sandbox boundary. A patched-image rebuild at Chrome 150.0.7871.47 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-14044 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium binary.

Status: Available
Triage

HarborGuard scores this CVE at CVSS 9.6 (Critical) and weights it against each environment's compliance policy to prioritize routing; affected findings are surfaced to the appropriate team inbox within the customer org based on configured ownership rules.

Status: Available
Patch

A patched-image rebuild pinned to Chrome 150.0.7871.47 becomes available in HarborGuard as soon as the fix version is confirmed in upstream metadata. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the resulting image, and opens a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the exploit over the network by directing the victim to a crafted HTML page hosted on an attacker-controlled server.

  • Authentication: Not required

    No account or credential is needed; the attacker only needs the victim to load a page.

  • Victim interaction: Required

    The victim must visit a crafted HTML page, making social engineering (phishing link, malicious ad, redirect) a necessary step in the attack chain.

  • Attack complexity: Detail

    Attack complexity is Low, meaning the exploit is reliable and requires no special race condition, memory-layout luck, or environmental precondition beyond the renderer compromise already described in the vulnerability.

Blast Radius

  • An attacker who achieves sandbox escape can read files and secrets accessible to the Chrome process on the host, including stored credentials and session data.
  • The attacker gains the ability to write to the filesystem or execute arbitrary code outside the browser sandbox at the privilege level of the running Chrome process.
  • The attacker can crash the host process or destabilize the operating environment beyond the browser, causing service disruption to the affected workload.
  • Because the scope is changed (S:C in the CVSS vector), impact extends beyond the browser sandbox boundary to other components or containers sharing the host.

How HarborGuard Handles This

Available on HarborGuard: any image containing a Chrome or Chromium binary older than 150.0.7871.47 is flagged immediately upon CVE ingestion, which typically occurs within minutes of upstream publication. For customers who opt into auto-remediation, HarborGuard rebuilds the image at the patched version, runs regression tests, and opens a pull request against the affected workload; median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is routed to the designated owner inbox with full CVSS context and a direct link to the upstream Chromium advisory. Given the Critical score and sandbox-escape impact, treating this as a same-day remediation candidate is warranted for any environment exposing Chrome-based workloads to external or untrusted traffic.


Fix available: 150.0.7871.47

Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H