CVE-2026-14105: Insufficient policy enforcement in Speech in Google Chrome prior to 150
Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Metrics
- CVSS v3.1
- 9.6
- Severity
- CRITICAL
- Fixed in
- 150.0.7871.47
- Affected Products
- 1
HarborGuard Analysis
Synopsis
This is a same-origin policy bypass in the Speech component of Google Chrome prior to version 150.0.7871.47, caused by insufficient policy enforcement. The vulnerability is reachable over the network and requires no authentication, but does require the victim to visit a crafted HTML page. Successful exploitation gives a remote attacker full read, write, and denial-of-service capability across cross-origin content, including data from other browser tabs or frames. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-14105 is available across every HarborGuard environment, with the CVE ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images containing affected Chrome versions. Any image in a customer registry or CI pipeline carrying a Chrome version below 150.0.7871.47 is flagged automatically.
AvailableHarborGuard scores this CVE at CVSS 9.6 (Critical) and weighs it against each environment's compliance policy to determine escalation priority. Triage findings are routed to the appropriate team inbox within each customer organization based on configured policy rules.
AvailableA patched-image rebuild at Chrome 150.0.7871.47 becomes available on HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard triggers the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityRequired
The attacker delivers the exploit over the network; the victim's browser must be able to reach a remotely hosted crafted HTML page.
- AuthenticationNot required
No account or credentials are required; any unauthenticated user visiting the crafted page is a valid target.
- Victim interactionRequired
The victim must be socially engineered into visiting or loading a crafted HTML page, making user interaction a required step in the attack chain.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special race conditions, memory layout assumptions, or other environmental factors to succeed.
Blast Radius
- A successful attacker reads content from cross-origin pages, including session tokens, form data, and authenticated responses belonging to other sites open in the browser.
- The attacker writes to or modifies cross-origin content, allowing manipulation of data or actions performed in the context of other origins.
- The attacker can crash or disrupt the affected browser context, causing denial of service for the victim's active session.
- Because the scope is changed (S:C in the CVSS vector), impact extends beyond the originating page to other browser origins and frames the victim has open.
How HarborGuard Handles This
Available on HarborGuard: images containing Google Chrome below version 150.0.7871.47 are matched against this CVE within minutes of ingest, covering both pulled upstream images and custom-built images in customer pipelines. For customers with auto-remediation enabled, HarborGuard initiates a rebuild at 150.0.7871.47, runs regression tests, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the flagged finding and recommended fix version are routed to the designated team inbox for review. Given the critical CVSS score and the requirement for only a single user interaction step, prioritizing this patch is strongly advised for any environment serving Chrome-based workloads.
Fix available
- Google / Chrome< 150.0.7871.47 (from 150.0.7871.47)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H