HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-14097Published Modified CNA Chrome

CVE-2026-14097: Inappropriate implementation in WebAppInstalls in Google Chrome on Mac prior to 150

Inappropriate implementation in WebAppInstalls in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A sandbox escape vulnerability exists in the WebAppInstalls component of Google Chrome on macOS in versions prior to 150.0.7871.47. The flaw is reachable over the network and requires no authentication, though it does require user interaction with a crafted HTML page; an attacker who has already compromised the renderer process can exploit an inappropriate implementation to break out of Chrome's sandbox entirely. Successful exploitation gives the attacker full confidentiality, integrity, and availability impact on the host system. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle Chrome on macOS base layers.

Available
Triage

HarborGuard scores this CVE at CVSS 9.6 (Critical) and weights it against each environment's compliance policy to determine urgency and routing, surfacing findings to the appropriate team inbox within each customer organization.

Available
Patch

A patched-image rebuild at Chrome 150.0.7871.47 becomes available on HarborGuard for any image found to include an affected version. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite, and opens a PR against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the crafted HTML page over the network, so the targeted host must be reachable and the user must browse to the attacker-controlled content.

  • AuthenticationNot required

    No account or credential of any kind is required; the attack is reachable by any anonymous remote party who can serve a web page.

  • Victim interactionRequired

    The user must open or navigate to a crafted HTML page, making this a social-engineering-dependent attack that requires the victim to take an action in the browser.

  • Attack complexityDetail

    Attack complexity is Low, meaning the exploit is reliable and imposes no special environmental conditions or race-condition requirements beyond a compromised renderer process.

Blast Radius

  • A successful sandbox escape grants the attacker code execution outside Chrome's sandboxed renderer, at the privilege level of the macOS user running Chrome.
  • The attacker reads arbitrary files and secrets accessible to that user account, including stored credentials, session tokens, and application data.
  • The attacker modifies or deletes files on the host filesystem, including application binaries and user data stores.
  • The attacker can crash or otherwise disrupt the host system or any process running under the same user context.

How HarborGuard Handles This

Available on HarborGuard: images containing Google Chrome on macOS base layers are scanned against this CVE immediately upon ingest, with results available within minutes of the CVE's publication. For environments with auto-remediation enabled, HarborGuard rebuilds affected images at Chrome 150.0.7871.47, runs a regression test pass, and opens a patch PR against affected workloads; median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in those environments. Where compliance policy requires manual approval before image promotion, HarborGuard routes the finding and a pre-built patched image to the designated team inbox so reviewers can approve without waiting on a separate build step. Customers who cannot immediately update are encouraged to apply network-policy controls that restrict which endpoints users can reach from affected hosts, reducing exposure while the patch is reviewed and promoted.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H