CVE-2026-14044: Use after free in ANGLE in Google Chrome prior to 150
Use after free in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Metrics
- CVSS v3.1: 9.6
- Severity: CRITICAL
- Fixed in: 150.0.7871.47
- Affected Products: 1
HarborGuard Analysis
Synopsis
Use-after-free in ANGLE (the graphics layer inside Google Chrome) allows a remote attacker who has already compromised the Chrome renderer process to escape the browser sandbox via a crafted HTML page. The vulnerability is reachable over the network and requires no authentication, though it does require the victim to visit a malicious page; successful exploitation gives the attacker full read, write, and crash capabilities beyond the sandbox boundary. A patched-image rebuild at Chrome 150.0.7871.47 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-14044 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium binary.
Available
HarborGuard scores this CVE at CVSS 9.6 (Critical) and weights it against each environment's compliance policy to prioritize routing; affected findings are surfaced to the appropriate team inbox within the customer org based on configured ownership rules.
Available
A patched-image rebuild pinned to Chrome 150.0.7871.47 becomes available in HarborGuard as soon as the fix version is confirmed in upstream metadata. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the resulting image, and opens a pull request against affected workloads automatically.
Available
Exploit Conditions
- Network reachability: Required
The attacker delivers the exploit over the network by directing the victim to a crafted HTML page hosted on an attacker-controlled server.
- Authentication: Not required
No account or credential is needed; the attacker only needs the victim to load a page.
- Victim interaction: Required
The victim must visit a crafted HTML page, making social engineering (phishing link, malicious ad, redirect) a necessary step in the attack chain.
- Attack complexity: Detail
Attack complexity is Low, meaning the exploit is reliable and requires no special race condition, memory-layout luck, or environmental precondition beyond the renderer compromise already described in the vulnerability.
Blast Radius
- An attacker who achieves sandbox escape can read files and secrets accessible to the Chrome process on the host, including stored credentials and session data.
- The attacker gains the ability to write to the filesystem or execute arbitrary code outside the browser sandbox at the privilege level of the running Chrome process.
- The attacker can crash the host process or destabilize the operating environment beyond the browser, causing service disruption to the affected workload.
- Because the scope is changed (S:C in the CVSS vector), impact extends beyond the browser sandbox boundary to other components or containers sharing the host.
How HarborGuard Handles This
Available on HarborGuard: any image containing a Chrome or Chromium binary older than 150.0.7871.47 is flagged immediately upon CVE ingestion, which typically occurs within minutes of upstream publication. For customers who opt into auto-remediation, HarborGuard rebuilds the image at the patched version, runs regression tests, and opens a pull request against the affected workload; median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is routed to the designated owner inbox with full CVSS context and a direct link to the upstream Chromium advisory. Given the Critical score and sandbox-escape impact, treating this as a same-day remediation candidate is warranted for any environment exposing Chrome-based workloads to external or untrusted traffic.
Fix available
- Google / Chrome < 150.0.7871.47 (from 150.0.7871.47)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H