CRITICAL | CVE-2026-14101 | CNA: Chrome

CVE-2026-14101: Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150

Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Metrics

  • CVSS v3.1: 9.6
  • Severity: CRITICAL
  • Fixed in: 150.0.7871.47
  • Affected Products: 1

HarborGuard Analysis

Synopsis

This is a sandbox escape vulnerability in Google Chrome on macOS affecting versions prior to 150.0.7871.47. A remote attacker who has already compromised the Chrome renderer process can exploit insufficient policy enforcement by serving a crafted HTML page, causing Chrome to break out of its sandbox containment. Successful exploitation grants the attacker capabilities beyond the sandboxed renderer, including full confidentiality, integrity, and availability impact on the host. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: CVE-2026-14101 is ingested from upstream vulnerability feeds within minutes of publication and matched against all customer images, including custom-built images that package or embed Chrome on macOS base layers. Any image containing an affected Chrome version is flagged immediately in the customer's registry and CI/CD pipeline scan results.

Status: Available

Triage

HarborGuard scores this CVE at CVSS 9.6 (Critical) and weights that score against each environment's compliance policy to determine escalation priority. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules for the affected image or workload.

Status: Available

Patch

A patched-image rebuild pinned to Chrome 150.0.7871.47 becomes available through HarborGuard as soon as the fix version is confirmed. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the crafted HTML page over the network, so the affected Chrome instance must be reachable or browsing attacker-controlled content via the internet.

  • Authentication: Not required

    No credentials or account are needed; the attacker only needs to serve a crafted page to a victim running an affected Chrome version.

  • Victim interaction: Required

    The victim must visit a crafted HTML page, meaning the attacker relies on social engineering or malicious ad delivery to get the user to load the page.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other environmental preconditions beyond the attacker having already compromised the renderer process.

Blast Radius

  • The attacker escapes the Chrome sandbox and gains execution context outside the sandboxed renderer, with access to the broader macOS user session.
  • Confidentiality impact is high: the attacker reads files, credentials, cookies, and other data accessible to the macOS user running Chrome.
  • Integrity impact is high: the attacker writes or modifies files and system state on the host, including persistent artifacts like login items or application data.
  • Availability impact is high: the attacker can crash, terminate, or otherwise disrupt processes and services on the host system.

How HarborGuard Handles This

Available on HarborGuard: this CVE is matched against customer images continuously, and any image layer packaging Chrome on a macOS base is flagged at the Critical severity tier. Where compliance policy permits auto-remediation, HarborGuard rebuilds the affected image at Chrome 150.0.7871.47, runs a regression test suite, and opens a pull request against the affected workload. For Critical-severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes for environments with auto-remediation enabled. Customers who manage remediation manually receive a prioritized finding with the fix version, affected image digest, and layer provenance detail to accelerate their own patching workflow.

Fix available: 150.0.7871.47

Affected packages

  • Google / Chrome: < 150.0.7871.47 (from 150.0.7871.47)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H