HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-14392Published Modified CNA Chrome

CVE-2026-14392: Out of bounds write in Tint in Google Chrome prior to 150

Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.46
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An out-of-bounds write vulnerability exists in Tint, the shader compilation component of Google Chrome prior to version 150.0.7871.46. The flaw is reachable over the network without any authentication, but requires a victim to visit a crafted HTML page. Successful exploitation gives a remote attacker the ability to escape Chrome's sandbox, enabling full read, write, and availability impact on the underlying host. A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-14392 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium binary.

Available
Triage

HarborGuard scores this CVE at 9.6 CRITICAL using the published CVSS v3.1 vector, and per-environment compliance policy weighting is applied to prioritize routing; alerts are delivered to the inbox or ticketing integration configured for each customer organization.

Available
Patch

A patched-image rebuild at Chrome 150.0.7871.46 becomes available through HarborGuard for any image found to include an affected Chrome or Chromium version. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs the configured regression suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network by serving a crafted HTML page, so the victim's browser must be able to reach the attacker-controlled origin.

  • AuthenticationNot required

    No account or credential is needed on the targeted system; any unauthenticated remote attacker can attempt the exploit.

  • Victim interactionRequired

    The victim must navigate to or be social-engineered into opening a crafted HTML page in an affected version of Chrome.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and requires no specific race condition, memory-layout dependency, or other environmental prerequisite beyond victim interaction.

Blast Radius

  • Attacker escapes Chrome's renderer sandbox, gaining code execution outside the browser's isolation boundary.
  • Attacker reads arbitrary files, credentials, and session material accessible to the OS user running Chrome.
  • Attacker writes or modifies files and data on the host, including persistent storage and configuration.
  • Attacker can crash or destabilize the host process or dependent services, disrupting availability.

How HarborGuard Handles This

Available on HarborGuard: any image containing Google Chrome or Chromium below version 150.0.7871.46 is flagged immediately upon CVE ingestion, which occurs within minutes of upstream publication. For customers with auto-remediation enabled, HarborGuard rebuilds the image at the patched version, executes the configured regression tests, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. For customers who manage patching manually, the finding is routed to the configured inbox with the CVSS 9.6 CRITICAL score and affected image inventory attached. Given the sandbox-escape impact and the requirement for only a single user visit to a malicious page, upgrading to 150.0.7871.46 or later should be treated as an immediate priority.

See how HarborGuard automates this

Fix available

150.0.7871.46
Affected packages
  • Google / Chrome
    < 150.0.7871.46 (from 150.0.7871.46)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H