CVE-2026-14398: Use after free in ANGLE in Google Chrome prior to 150
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Metrics
- CVSS v3.1: 9.6
- Severity: CRITICAL
- Fixed in: 150.0.7871.46
- Affected Products: 1
HarborGuard Analysis
Synopsis
A use-after-free vulnerability in ANGLE, the graphics-layer translation component inside Google Chrome, allows a remote attacker to exploit a dangling memory pointer by luring a victim to a crafted HTML page. No authentication is required, but the victim must visit the attacker-controlled page; the CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C) reflects network reachability with changed scope, meaning the exploit can break out of Chrome's renderer sandbox. Successful exploitation gives the attacker full read, write, and execution capability across the host process, effectively a sandbox escape with high confidentiality, integrity, and availability impact. A patched-image rebuild at Chrome 150.0.7871.46 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-14398 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle a Chromium or Chrome runtime.
HarborGuard scores this CVE at CVSS 9.6 Critical and is capable of weighting that score against each customer environment's compliance policy, then routing the finding to the appropriate team inbox within the customer org.
A patched-image rebuild pinned to Chrome 150.0.7871.46 is available on HarborGuard for any environment found running an affected version. For customers who opt into auto-remediation, HarborGuard runs the rebuild, executes the regression test suite, and opens a PR against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker delivers the exploit over the network by hosting a crafted HTML page that the victim's browser fetches remotely.
- Authentication: Not required
No account or credential of any kind is needed; any anonymous visitor to the malicious page is a valid target.
- Victim interaction: Required
The victim must navigate to or be redirected to the attacker-controlled HTML page, making a social-engineering or phishing step necessary.
- Attack complexity: Low
Attack complexity is Low, meaning the exploit is reliable and imposes no special environmental conditions, race windows, or memory-layout prerequisites on the attacker.
Blast Radius
- The attacker escapes Chrome's renderer sandbox, gaining code execution in a higher-privilege host process outside the browser's isolation boundary.
- With high confidentiality impact, the attacker reads memory and on-disk data accessible to the Chrome process, including stored credentials, cookies, and session tokens.
- With high integrity impact, the attacker writes or modifies files and process memory reachable from the escaped sandbox context.
- With high availability impact, the attacker can crash or destabilize the Chrome process or dependent host services.
How HarborGuard Handles This
Available on HarborGuard: images containing Chrome versions below 150.0.7871.46 are flagged at CVSS 9.6 Critical as soon as the CVE is ingested, typically within minutes of upstream publication. A rebuild at the patched version 150.0.7871.46 becomes available for any affected image in the customer registry. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test pass, and opens a PR against affected workloads; for high and critical severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is routed directly to the designated team inbox with the CVSS score, affected image list, and the available fix version, so the review-and-merge decision can be made without additional research.
Fix available
- Google / Chrome < 150.0.7871.46 (from 150.0.7871.46)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H