HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-14093Published Modified CNA Chrome

CVE-2026-14093: Use after free in Cast in Google Chrome prior to 150

Use after free in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A use-after-free vulnerability in the Cast component of Google Chrome prior to version 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to escape the browser sandbox via a crafted HTML page. The attack is reachable over the network and requires no authentication, though victim interaction (visiting a malicious page) is necessary. Successful exploitation gives the attacker full read, write, and execution capability outside the sandbox, enabling data theft, file tampering, or arbitrary code execution on the host. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version of Chrome.

HarborGuard Coverage

Detection

Detection for CVE-2026-14093 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium runtime.

Available
Triage

HarborGuard scores this CVE at CVSS 9.6 (Critical) and weights it against each environment's compliance policy to determine urgency and routing, ensuring the finding lands in the correct team inbox within each customer organization without manual triage.

Available
Patch

A patched-image rebuild at Chrome 150.0.7871.47 is available on HarborGuard for any image found to include an affected version. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs regression tests, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network by directing a victim to a crafted HTML page hosted remotely.

  • AuthenticationNot required

    No account or credential is needed; any unauthenticated remote attacker can attempt delivery of the malicious page.

  • Victim interactionRequired

    The victim must visit or be redirected to a crafted HTML page, making social engineering or a malicious ad/link the delivery mechanism.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other environmental factors beyond the pre-condition of renderer compromise.

Blast Radius

  • A successful attacker escapes the Chrome sandbox and gains code execution in the context of the browser process on the host operating system.
  • With sandbox escape achieved, the attacker reads files and credentials accessible to the browser process, including stored passwords, cookies, and session tokens.
  • The attacker writes or modifies files on the host filesystem that the browser process has permission to access.
  • The scope of compromise extends beyond the browser (CVSS scope is Changed), meaning impact can reach other processes or components on the same host.

How HarborGuard Handles This

Available on HarborGuard: any container image that bundles Google Chrome or a Chromium-based runtime below version 150.0.7871.47 is flagged as affected the moment the CVE feed is ingested. For customers with auto-remediation enabled, HarborGuard rebuilds the image at the patched version, runs the configured regression suite, and opens a pull request against affected workloads; at critical severity, the median time from publication to a merged patch PR is around 90 minutes for environments with this feature active. For customers who manage remediation manually, the finding appears in the HarborGuard dashboard with full CVSS context and a direct reference to the fix version. Where auto-remediation is not permitted by compliance policy, consider isolating affected workloads behind a network policy that restricts outbound renderer access as a compensating control until the image rebuild can be scheduled and approved.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H