CVE-2026-14387: Integer overflow in Skia in Google Chrome prior to 150
Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Metrics
- CVSS v3.1
- 9.6
- Severity
- CRITICAL
- Fixed in
- 150.0.7871.46
- Affected Products
- 1
HarborGuard Analysis
Synopsis
An integer overflow in Skia, the graphics rendering library embedded in Google Chrome versions prior to 150.0.7871.46, allows a remote attacker to escape the browser sandbox by luring a user to a crafted HTML page. The vulnerability is reachable over the network with no authentication required, but does require the victim to visit a malicious page. Successful exploitation gives the attacker full read, write, and denial-of-service capability outside the Chrome sandbox on the host system. A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected version of Chrome.
HarborGuard Coverage
Detection of CVE-2026-14387 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle a vulnerable Chrome or Chromium binary.
AvailableHarborGuard scores this CVE at CVSS 9.6 Critical and applies per-environment compliance policy weighting to prioritize routing, surfacing alerts to the appropriate team inbox within each customer organization.
AvailableA patched-image rebuild at Chrome 150.0.7871.46 becomes available in HarborGuard as soon as the fix version is confirmed. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a PR against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityRequired
The attacker delivers the exploit over the network by directing the victim to a remotely hosted crafted HTML page.
- AuthenticationNot required
No account or credentials on any system are needed; the attacker only needs to get the victim to load a page.
- Victim interactionRequired
The victim must visit a crafted HTML page, making this a social-engineering vector such as a phishing link or malicious ad.
- Attack complexityDetail
Attack complexity is Low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.
Blast Radius
- Reads arbitrary data from outside the Chrome sandbox, including files, session tokens, and credentials accessible to the browser process user.
- Writes or modifies data on the host filesystem or memory regions outside the sandbox, enabling persistence or payload staging.
- Crashes or disrupts host-level processes or services, going beyond a browser tab and affecting the underlying operating system.
- The Changed scope (S:C in the CVSS vector) means impact extends beyond Chrome itself to other components and users sharing the host.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-14387 is active across all ingested images, including custom images that ship a Chrome or Chromium binary. For environments running an affected version, a patched-image rebuild at 150.0.7871.46 is available immediately upon policy clearance. For customers who opt into auto-remediation, HarborGuard rebuilds the image, runs regression tests, and opens a PR against affected workloads; for Critical-severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, HarborGuard surfaces the finding with full CVSS detail and routing metadata so teams can act manually. Organizations that cannot immediately update should consider network-policy controls that restrict which internal hosts can load arbitrary external URLs through Chrome-based tooling, reducing exposure while the patch is staged.
Fix available
- Google / Chrome< 150.0.7871.46 (from 150.0.7871.46)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H