CRITICAL | CVE-2026-14416 | CNA: Chrome

CVE-2026-14416: Out of bounds read in Dawn in Google Chrome prior to 150

Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

Metrics

  • CVSS v3.1: 9.6
  • Severity: CRITICAL
  • Fixed in: 150.0.7871.46
  • Affected Products: 1


HarborGuard Analysis

Synopsis

An out-of-bounds read vulnerability in Dawn, the WebGPU graphics backend used by Google Chrome, potentially allows a remote attacker to perform a sandbox escape through a crafted HTML page. The attack is reachable over the network and requires no authentication, but it does require the victim to visit a malicious page. Under the CVSS v3.1 vector, successful exploitation has high confidentiality, integrity, and availability impact beyond the Chrome sandbox boundary, with scope extending to the host. The upstream description carries a Chromium security severity of Low, while the CVSS v3.1 base score is 9.6 (CRITICAL). A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle or derive from a Chromium or Chrome base layer.

Status: Available

Triage

HarborGuard scores this CVE at 9.6 CRITICAL using the provided CVSS v3.1 vector. Triage weighting is available per customer compliance policy to prioritize or escalate findings, which are routed to the appropriate team inbox within each customer organization.

Status: Available

Patch

A patched-image rebuild at Chrome 150.0.7871.46 is available on HarborGuard for any environment found to be running an affected version. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against the affected workload automatically.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the exploit over the network by directing the victim's Chrome instance to an attacker-controlled or compromised web page.

  • Authentication: Not required

    No credentials or prior account access are needed; any unauthenticated remote party can serve the crafted HTML page.

  • Victim interaction: Required

    The victim must navigate to or be redirected to the crafted HTML page, making social engineering or malicious ad delivery the primary delivery vector.

  • Attack complexity: Detail

    Attack complexity is rated low (AC:L in the CVSS vector), meaning exploitation is expected to be reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.

Blast Radius

  • The attacker escapes the Chrome renderer sandbox, gaining code execution in a broader process context on the victim host.
  • Confidentiality impact is high: the attacker reads memory and data outside the sandbox, including session tokens, cached credentials, and browser-accessible file content.
  • Integrity impact is high: the attacker writes to memory or storage outside the sandbox, enabling persistent changes or injection of malicious data.
  • Availability impact is high: the attacker crashes or destabilizes the affected Chrome process and potentially dependent host services.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-14416 is matched against all scanned images within minutes of ingestion, including custom images built on a Chrome or Chromium base. Because this is rated CRITICAL at 9.6, it is surfaced at the highest priority tier in the HarborGuard triage queue and routed per each customer organization's compliance policy. A patched-image rebuild at Chrome 150.0.7871.46 is available for any environment where an affected version is detected. For customers who opt into auto-remediation, HarborGuard triggers a rebuild at the fix version, runs a regression-test suite against the resulting image, and opens a pull request against affected workloads; the median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuild is staged and the PR is held for reviewer sign-off.


Fix available: 150.0.7871.46

Affected packages

  • Google / Chrome: < 150.0.7871.46 (from 150.0.7871.46)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H