HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-14398Published Modified CNA Chrome

CVE-2026-14398: Use after free in ANGLE in Google Chrome prior to 150

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.46
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A use-after-free vulnerability in ANGLE, the graphics-layer translation component inside Google Chrome, allows a remote attacker to exploit a dangling memory pointer by luring a victim to a crafted HTML page. No authentication is required, but the victim must visit the attacker-controlled page; the CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C) reflects network reachability with changed scope, meaning the exploit can break out of Chrome's renderer sandbox. Successful exploitation gives the attacker full read, write, and execution capability across the host process, effectively a sandbox escape with high confidentiality, integrity, and availability impact. A patched-image rebuild at Chrome 150.0.7871.46 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-14398 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle a Chromium or Chrome runtime.

Available
Triage

HarborGuard scores this CVE at CVSS 9.6 Critical and is capable of weighting that score against each customer environment's compliance policy, then routing the finding to the appropriate team inbox within the customer org.

Available
Patch

A patched-image rebuild pinned to Chrome 150.0.7871.46 is available on HarborGuard for any environment found running an affected version. For customers who opt into auto-remediation, HarborGuard runs the rebuild, executes the regression test suite, and opens a PR against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network by hosting a crafted HTML page that the victim's browser fetches remotely.

  • AuthenticationNot required

    No account or credential of any kind is needed; any anonymous visitor to the malicious page is a valid target.

  • Victim interactionRequired

    The victim must navigate to or be redirected to the attacker-controlled HTML page, making a social-engineering or phishing step necessary.

  • Attack complexityDetail

    Attack complexity is Low, meaning the exploit is reliable and imposes no special environmental conditions, race windows, or memory-layout prerequisites on the attacker.

Blast Radius

  • The attacker escapes Chrome's renderer sandbox, gaining code execution in a higher-privilege host process outside the browser's isolation boundary.
  • With high confidentiality impact, the attacker reads memory and on-disk data accessible to the Chrome process, including stored credentials, cookies, and session tokens.
  • With high integrity impact, the attacker writes or modifies files and process memory reachable from the escaped sandbox context.
  • With high availability impact, the attacker can crash or destabilize the Chrome process or dependent host services.

How HarborGuard Handles This

Available on HarborGuard: images containing Chrome versions below 150.0.7871.46 are flagged at CVSS 9.6 Critical as soon as the CVE is ingested, typically within minutes of upstream publication. A rebuild at the patched version 150.0.7871.46 becomes available for any affected image in the customer registry. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test pass, and opens a PR against affected workloads; for high and critical severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is routed directly to the designated team inbox with the CVSS score, affected image list, and the available fix version, so the review-and-merge decision can be made without additional research.

See how HarborGuard automates this

Fix available

150.0.7871.46
Affected packages
  • Google / Chrome
    < 150.0.7871.46 (from 150.0.7871.46)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H