CVE-2026-14390: Use after free in ANGLE in Google Chrome prior to 150
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Metrics
- CVSS v3.1: 9.6
- Severity: CRITICAL
- Fixed in: 150.0.7871.46
- Affected Products: 1
HarborGuard Analysis
Synopsis
A use-after-free vulnerability in ANGLE, the graphics translation layer inside Google Chrome, affects all Chrome versions prior to 150.0.7871.46. The flaw is reachable over the network without any account or credentials, but requires the victim to visit a crafted HTML page. Successful exploitation gives a remote attacker full read, write, and availability impact across the browser process and breaks out of Chrome's sandbox, enabling code execution on the underlying host. A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected version of Chrome.
HarborGuard Coverage
Detection is available across every HarborGuard environment: CVE-2026-14390 is ingested from upstream advisory feeds within minutes of publication and matched against customer container images, including custom-built images that bundle Chrome or Chromium, in both registry scans and CI pipeline checks.
Available
HarborGuard is capable of scoring this CVE at its published CVSS 3.1 rating of 9.6 (Critical) and weighting it against each environment's compliance policy, then routing the finding to the appropriate team inbox inside the customer org for immediate review.
Available
A patched-image rebuild pinned to Chrome 150.0.7871.46 is available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads.
Available
Exploit Conditions
- Network reachability: Required
  The attacker delivers the exploit over the network by serving a crafted HTML page; the target Chrome instance must be able to reach attacker-controlled web content.
- Authentication: Not required
  No account, session token, or credentials of any kind are needed; the attacker is anonymous.
- Victim interaction: Required
  The victim must navigate to or be redirected to the attacker's crafted HTML page, making this a social-engineering or drive-by scenario.
- Attack complexity: Detail
  Attack complexity is Low, meaning the exploit is reliable and does not depend on race conditions, memory layout luck, or other environmental factors.
Blast Radius
- A successful attacker reads sensitive data from the browser process, including stored credentials, session tokens, and page content from any open origin.
- The attacker modifies browser memory and persisted browser state, including cookies, cached data, and extension storage.
- The sandbox escape gives the attacker code execution in the context of the Chrome renderer and then the host OS process, bypassing Chrome's primary isolation boundary.
- The attacker can crash or render the affected browser instance unavailable, disrupting the end user's session and any dependent services.
How HarborGuard Handles This
Available on HarborGuard: CVE-2026-14390 is matched against customer images within minutes of advisory publication, covering any container image that ships Chrome or Chromium below 150.0.7871.46. Given the Critical severity and CVSS score of 9.6, this CVE is prioritized at the top of the triage queue and routed immediately to the team designated in each customer's compliance policy. A patched-image rebuild at Chrome 150.0.7871.46 is available for affected images; for customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs regression tests against the resulting image, and opens a pull request against affected workloads. For environments where auto-remediation policy is not enabled, HarborGuard surfaces the finding with remediation instructions pointing to the 150.0.7871.46 upgrade. Given the sandbox-escape impact, customers without auto-remediation should treat manual remediation as urgent and consider network-policy controls that restrict which container workloads can load arbitrary external web content in the interim.
Fix available
- Google / Chrome < 150.0.7871.46 (from 150.0.7871.46)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H