HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-14106Published Modified CNA Chrome

CVE-2026-14106: Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

This is an insufficient input validation vulnerability in the Text component of Google Chrome on Android, affecting all versions prior to 150.0.7871.47. The flaw is reachable over the network and requires no authentication, but does require a victim to visit a crafted HTML page; additionally, the attacker must have already compromised the Chrome renderer process as a precondition. Successful exploitation enables a full sandbox escape, granting the attacker read access to confidential data, the ability to tamper with data, and the ability to crash or disrupt the affected application. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection of CVE-2026-14106 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication from upstream feeds, including custom-built Android-based Chrome images in customer registries and CI pipelines. The capability covers both pulled upstream images and internally assembled images that bundle an affected Chrome version.

Available
Triage

HarborGuard is capable of scoring this CVE at its published CVSS v3.1 rating of 9.6 (Critical) and weighting it against each customer environment's compliance policy to reflect actual organizational risk tolerance. Triage alerts are routed to the appropriate team inbox within each customer org based on configured ownership rules.

Available
Patch

A patched-image rebuild targeting Chrome 150.0.7871.47 becomes available on HarborGuard as soon as the fix version is confirmed in the upstream advisory. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs regression tests against the updated image, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network by directing the victim to a crafted HTML page hosted remotely.

  • AuthenticationNot required

    No account or credentials are needed on the target system; the attack originates from an unauthenticated remote position.

  • Victim interactionRequired

    The victim must navigate to or be social-engineered into loading the attacker-controlled HTML page in the Chrome browser.

  • Attack complexityDetail

    The exploit is reliable and condition-free once triggered, though it carries the implicit precondition that the attacker has already achieved renderer process compromise before attempting the sandbox escape.

Blast Radius

  • A successful sandbox escape breaks out of Chrome's security boundary on the Android device, exposing data readable by the Chrome process such as stored credentials, session tokens, and browsing history.
  • The attacker gains the ability to write or modify data within the escaped context, including tampering with files or application state accessible to Chrome on the device.
  • Full compromise of confidentiality, integrity, and availability is achievable at the scope of the affected Chrome instance and any cross-origin resources it can reach, consistent with the CVSS Scope:Changed rating.
  • Service disruption of the Chrome browser and dependent in-app browsing surfaces is within attacker reach.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-14106 is active across all connected registries and pipelines, matching any image that bundles a Chrome for Android version below 150.0.7871.47. Given the Critical severity (CVSS 9.6) and the sandbox-escape impact, this CVE is prioritized at the top of the triage queue with routing configured per each customer org's ownership policy. For customers who opt into auto-remediation, HarborGuard makes a rebuilt image at version 150.0.7871.47 available, runs a regression test suite against it, and opens a pull request against affected workloads; for Critical-severity issues, the median time from CVE publication to a merged patch PR in auto-remediation-enabled environments is approximately 90 minutes. Where compliance policy requires manual review before merging, the rebuilt image and regression results are staged and surfaced for human approval without delaying detection or triage.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H