HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-14105Published Modified CNA Chrome

CVE-2026-14105: Insufficient policy enforcement in Speech in Google Chrome prior to 150

Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

This is a same-origin policy bypass in the Speech component of Google Chrome prior to version 150.0.7871.47, caused by insufficient policy enforcement. The vulnerability is reachable over the network and requires no authentication, but does require the victim to visit a crafted HTML page. Successful exploitation gives a remote attacker full read, write, and denial-of-service capability across cross-origin content, including data from other browser tabs or frames. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-14105 is available across every HarborGuard environment, with the CVE ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images containing affected Chrome versions. Any image in a customer registry or CI pipeline carrying a Chrome version below 150.0.7871.47 is flagged automatically.

Available
Triage

HarborGuard scores this CVE at CVSS 9.6 (Critical) and weighs it against each environment's compliance policy to determine escalation priority. Triage findings are routed to the appropriate team inbox within each customer organization based on configured policy rules.

Available
Patch

A patched-image rebuild at Chrome 150.0.7871.47 becomes available on HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard triggers the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network; the victim's browser must be able to reach a remotely hosted crafted HTML page.

  • AuthenticationNot required

    No account or credentials are required; any unauthenticated user visiting the crafted page is a valid target.

  • Victim interactionRequired

    The victim must be socially engineered into visiting or loading a crafted HTML page, making user interaction a required step in the attack chain.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and requires no special race conditions, memory layout assumptions, or other environmental factors to succeed.

Blast Radius

  • A successful attacker reads content from cross-origin pages, including session tokens, form data, and authenticated responses belonging to other sites open in the browser.
  • The attacker writes to or modifies cross-origin content, allowing manipulation of data or actions performed in the context of other origins.
  • The attacker can crash or disrupt the affected browser context, causing denial of service for the victim's active session.
  • Because the scope is changed (S:C in the CVSS vector), impact extends beyond the originating page to other browser origins and frames the victim has open.

How HarborGuard Handles This

Available on HarborGuard: images containing Google Chrome below version 150.0.7871.47 are matched against this CVE within minutes of ingest, covering both pulled upstream images and custom-built images in customer pipelines. For customers with auto-remediation enabled, HarborGuard initiates a rebuild at 150.0.7871.47, runs regression tests, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the flagged finding and recommended fix version are routed to the designated team inbox for review. Given the critical CVSS score and the requirement for only a single user interaction step, prioritizing this patch is strongly advised for any environment serving Chrome-based workloads.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H