CRITICAL | CVE-2026-14417 | CNA: Chrome

CVE-2026-14417: Use after free in Dawn in Google Chrome prior to 150

Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Metrics

CVSS v3.1: 9.6
Severity: CRITICAL
Fixed in: 150.0.7871.46
Affected Products: 1


HarborGuard Analysis

Synopsis

A use-after-free vulnerability in Dawn, the WebGPU implementation in Google Chrome, allows a remote attacker to exploit the browser through a specially crafted HTML page. The attack is reachable over the network and requires no authentication, but the victim must visit a malicious page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C) reflects a scope change, meaning the exploit can break out of the Chrome sandbox and affect resources beyond the browser process itself. Successful exploitation gives the attacker full read, write, and availability impact on the host, including access to confidential data, persistent modification, and potential code execution outside the sandbox. A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected version of Chrome.

HarborGuard Coverage

Detection

Detection of CVE-2026-14417 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle Chrome or Chromium. Any image carrying a Chrome version below 150.0.7871.46 is flagged automatically.

Status: Available

Triage

HarborGuard scores this vulnerability at CVSS 9.6 (Critical) and surfaces it accordingly in each customer org's priority queue. Per-environment compliance policy weighting is applied so the finding is routed to the team responsible for browser-runtime images, with severity-appropriate SLA thresholds applied automatically.

Status: Available

Patch

A patched-image rebuild targeting Chrome 150.0.7871.46 becomes available through HarborGuard as soon as the fixed base image or package is resolvable from upstream. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs the configured regression suite, and opens a pull request against each affected workload; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the victim's browser over the network by serving a crafted HTML page from a remote origin.

  • Authentication: Not required

    No account or credential of any kind is needed; any user browsing to the malicious page is a valid target.

  • Victim interaction: Required

    The victim must visit the attacker-controlled page, making social engineering (phishing link, malicious ad, compromised site) a necessary step.

  • Attack complexity: Detail

    Attack complexity is Low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other hard-to-control environmental factors.

Blast Radius

  • The attacker reads confidential data accessible to the Chrome process, including stored credentials, cookies, and session tokens.
  • The attacker writes or modifies data within the browser context and, via sandbox escape, on the underlying host filesystem or process space.
  • The scope change (S:C) means impact extends beyond the browser sandbox, so host-level processes and resources are reachable after exploitation.
  • The attacker can crash or destabilize the affected Chrome process or, post-escape, other services on the host, disrupting availability.

How HarborGuard Handles This

Available on HarborGuard: detection of this Critical use-after-free fires automatically against any image that packages Chrome below 150.0.7871.46, covering both upstream base images and internally built images. For customers with auto-remediation enabled, HarborGuard triggers a rebuild at the fixed version (150.0.7871.46), executes the regression test suite, and opens a pull request against affected workloads, with a median time to merged patch PR of around 90 minutes for critical-severity findings. Where compliance policy requires manual approval, the rebuilt image and full CVSS detail are staged for reviewer sign-off. Because this vulnerability carries a scope-change rating and enables sandbox escape leading to full host compromise, customers who cannot immediately apply the patch are advised to enforce network policies that restrict outbound browser traffic to known-good origins and to consider disabling WebGPU (the Dawn feature surface) via feature-flag or enterprise policy until the fixed image is deployed.


Fix available: 150.0.7871.46

Affected packages
  • Google / Chrome: < 150.0.7871.46 (from 150.0.7871.46)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H