HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-14387Published Modified CNA Chrome

CVE-2026-14387: Integer overflow in Skia in Google Chrome prior to 150

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.46
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An integer overflow in Skia, the graphics rendering library embedded in Google Chrome versions prior to 150.0.7871.46, allows a remote attacker to escape the browser sandbox by luring a user to a crafted HTML page. The vulnerability is reachable over the network with no authentication required, but does require the victim to visit a malicious page. Successful exploitation gives the attacker full read, write, and denial-of-service capability outside the Chrome sandbox on the host system. A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected version of Chrome.

HarborGuard Coverage

Detection

Detection of CVE-2026-14387 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle a vulnerable Chrome or Chromium binary.

Available
Triage

HarborGuard scores this CVE at CVSS 9.6 Critical and applies per-environment compliance policy weighting to prioritize routing, surfacing alerts to the appropriate team inbox within each customer organization.

Available
Patch

A patched-image rebuild at Chrome 150.0.7871.46 becomes available in HarborGuard as soon as the fix version is confirmed. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a PR against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network by directing the victim to a remotely hosted crafted HTML page.

  • AuthenticationNot required

    No account or credentials on any system are needed; the attacker only needs to get the victim to load a page.

  • Victim interactionRequired

    The victim must visit a crafted HTML page, making this a social-engineering vector such as a phishing link or malicious ad.

  • Attack complexityDetail

    Attack complexity is Low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.

Blast Radius

  • Reads arbitrary data from outside the Chrome sandbox, including files, session tokens, and credentials accessible to the browser process user.
  • Writes or modifies data on the host filesystem or memory regions outside the sandbox, enabling persistence or payload staging.
  • Crashes or disrupts host-level processes or services, going beyond a browser tab and affecting the underlying operating system.
  • The Changed scope (S:C in the CVSS vector) means impact extends beyond Chrome itself to other components and users sharing the host.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-14387 is active across all ingested images, including custom images that ship a Chrome or Chromium binary. For environments running an affected version, a patched-image rebuild at 150.0.7871.46 is available immediately upon policy clearance. For customers who opt into auto-remediation, HarborGuard rebuilds the image, runs regression tests, and opens a PR against affected workloads; for Critical-severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, HarborGuard surfaces the finding with full CVSS detail and routing metadata so teams can act manually. Organizations that cannot immediately update should consider network-policy controls that restrict which internal hosts can load arbitrary external URLs through Chrome-based tooling, reducing exposure while the patch is staged.

See how HarborGuard automates this

Fix available

150.0.7871.46
Affected packages
  • Google / Chrome
    < 150.0.7871.46 (from 150.0.7871.46)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H