HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-14095Published Modified CNA Chrome

CVE-2026-14095: Insufficient policy enforcement in Browser in Google Chrome prior to 150

Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

This is a sandbox escape vulnerability in Google Chrome versions prior to 150.0.7871.47, caused by insufficient policy enforcement in the browser process. An attacker who has already compromised the Chrome renderer process can trigger the flaw remotely by serving a crafted HTML page, requiring only that a victim visit the page in their browser. Successful exploitation gives the attacker full read, write, and denial-of-service capability on the affected system, breaking out of Chrome's security sandbox entirely. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-14095 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of its publication in upstream advisory feeds. This capability covers both images pulled from public registries and custom-built images that include a bundled or embedded Chrome binary.

Available
Triage

HarborGuard is capable of scoring this CVE at CVSS 9.6 (Critical) and weighting that score against each environment's compliance policy to determine urgency. Triage routing is available to direct findings to the appropriate team inbox within each customer organization based on their configured alert rules.

Available
Patch

A patched-image rebuild at Chrome 150.0.7871.47 becomes available on HarborGuard for any customer environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the crafted HTML page over the network, so the victim's browser must be reachable to or able to connect to an attacker-controlled web origin.

  • AuthenticationNot required

    No authentication is required; any user who visits the crafted page can be targeted without logging in to any service.

  • Victim interactionRequired

    The victim must visit the attacker-crafted HTML page in their browser, making this a social-engineering or malicious-link scenario.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other environmental factors beyond the renderer compromise precondition.

Blast Radius

  • A successful attacker escapes the Chrome sandbox and gains code execution in the context of the browser process on the host operating system.
  • The attacker reads files and data accessible to the user running Chrome, including stored credentials, cookies, and session tokens.
  • The attacker can write or modify files on the host, including planting malicious binaries or altering user data.
  • The attacker can crash or disrupt the host-level browser process, causing a denial of service for the affected user.

How HarborGuard Handles This

Available on HarborGuard: detection of this Critical-severity sandbox escape is matched against customer images within minutes of CVE publication. For environments where an affected Chrome version is present in a container image, a rebuild at 150.0.7871.47 is available immediately. For customers who opt into auto-remediation, HarborGuard performs the patched rebuild, runs a regression test pass, and opens a pull request against affected workloads automatically; for high and critical severity issues, the median time from CVE publication to a merged patch PR in auto-remediation-enabled environments is around 90 minutes. Where compliance policy requires manual approval, the finding is routed to the configured team inbox with full CVSS context so engineers can act without hunting for details.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H