CVE-2026-14424: Use after free in Dawn in Google Chrome on Mac prior to 150
Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Metrics
- CVSS v3.1
- 9.6
- Severity
- CRITICAL
- Fixed in
- 150.0.7871.46
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A use-after-free vulnerability exists in Dawn, the WebGPU backend used by Google Chrome on macOS, affecting versions prior to 150.0.7871.46. The flaw is reachable over the network without authentication, but requires a victim to visit a crafted HTML page. Successful exploitation gives a remote attacker full read, write, and availability impact across a scope beyond the browser process itself, enabling a sandbox escape. A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium binary.
AvailableHarborGuard scores this finding at CVSS 9.6 (Critical) and weights it against each environment's compliance policy to determine urgency and routing, directing alerts to the appropriate team inbox within each customer organization.
AvailableA patched-image rebuild pinned to Chrome 150.0.7871.46 becomes available on HarborGuard the moment the fix version is confirmed. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityRequired
The attacker delivers the exploit over the network by directing the victim to a crafted HTML page, so the Chrome process must be reachable to load remote content.
- AuthenticationNot required
No account or credential is needed; any unauthenticated remote attacker can serve the malicious page.
- Victim interactionRequired
The victim must open or be redirected to a crafted HTML page, making social engineering or a malicious link the delivery mechanism.
- Attack complexityDetail
Attack complexity is Low, meaning the exploit is reliable and requires no special race conditions, memory-layout assumptions, or other environmental prerequisites.
Blast Radius
- The attacker escapes the Chrome renderer sandbox, gaining code execution outside the browser's confined process.
- With sandbox escape achieved, the attacker can read arbitrary files and stored credentials accessible to the macOS user running Chrome.
- The attacker can write or modify data on the filesystem or inject into other processes running under the same user account.
- The attacker can crash or destabilize the browser and any dependent services, causing loss of availability for the affected session.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-14424 is active across all connected registries and pipeline stages, matching any image that packages a Chrome or Chromium binary older than 150.0.7871.46. For environments where a fix-version image can be produced, a patched rebuild at 150.0.7871.46 is queued automatically. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against affected workloads; for Critical-severity issues the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, the finding is surfaced in the HarborGuard dashboard with severity, affected image list, and fix-version guidance so engineering teams can act directly. Given the sandbox-escape impact of this CVE, customers who cannot immediately rebuild are advised to enforce network policies that restrict which hosts Chrome-based containers can fetch content from, reducing exposure while a patched image is prepared.
Fix available
- Google / Chrome< 150.0.7871.46 (from 150.0.7871.46)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H