HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-14420Published Modified CNA Chrome

CVE-2026-14420: Out of bounds read and write in Dawn in Google Chrome prior to 150

Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.46
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An out-of-bounds read and write vulnerability exists in Dawn, the WebGPU implementation inside Google Chrome versions prior to 150.0.7871.46. The flaw is reachable over the network with no authentication required, but a victim must visit a crafted HTML page for the attack to trigger. Successful exploitation enables sandbox escape, giving an attacker the ability to read and write memory outside the Chrome sandbox, execute arbitrary code on the underlying host, and fully compromise confidentiality, integrity, and availability of the affected system. A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected Chrome version.

HarborGuard Coverage

Detection

Detection of CVE-2026-14420 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium runtime.

Available
Triage

HarborGuard surfaces this CVE with its CVSS v3.1 score of 9.6 (Critical), weighted against each environment's compliance policy, and routes findings to the appropriate team inbox within the customer organization based on configured ownership rules.

Available
Patch

A patched-image rebuild pinned to Chrome 150.0.7871.46 becomes available on HarborGuard the moment the fix version is confirmed. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network by directing the victim to a crafted HTML page hosted on an attacker-controlled server.

  • AuthenticationNot required

    No account or credential of any kind is required; the exploit works against any unauthenticated browser session.

  • Victim interactionRequired

    The victim must navigate to or be redirected to the crafted HTML page, requiring at minimum a click on a malicious link or a drive-by redirect.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and requires no special environmental conditions, race wins, or memory-layout prerequisites.

Blast Radius

  • A successful sandbox escape lets the attacker execute arbitrary code as the OS-level user running Chrome, outside the browser sandbox.
  • The attacker reads any data accessible to that OS user, including stored credentials, session tokens, and files on disk.
  • The attacker writes or modifies files and persisted data accessible to that OS user, including application data and configuration.
  • The attacker can crash or destabilize the host process and dependent services, causing a loss of availability.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-14420 is active across connected registries and pipelines, matching any image that packages a Chrome or Chromium binary below version 150.0.7871.46. Given the Critical severity (CVSS 9.6) and confirmed sandbox-escape impact, this CVE is prioritized at the top of the triage queue under default HarborGuard policy. For customers with auto-remediation enabled, HarborGuard rebuilds the affected image at the patched version, runs regression tests, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval before merge, the PR is opened and held for review with full diff and test results attached. Customers who cannot immediately upgrade should consider isolating workloads that run Chrome as a headless or embedded browser behind network policy rules that restrict outbound access to untrusted origins.

See how HarborGuard automates this

Fix available

150.0.7871.46
Affected packages
  • Google / Chrome
    < 150.0.7871.46 (from 150.0.7871.46)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H