HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-14424Published Modified CNA Chrome

CVE-2026-14424: Use after free in Dawn in Google Chrome on Mac prior to 150

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.46
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A use-after-free vulnerability exists in Dawn, the WebGPU backend used by Google Chrome on macOS, affecting versions prior to 150.0.7871.46. The flaw is reachable over the network without authentication, but requires a victim to visit a crafted HTML page. Successful exploitation gives a remote attacker full read, write, and availability impact across a scope beyond the browser process itself, enabling a sandbox escape. A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium binary.

Available
Triage

HarborGuard scores this finding at CVSS 9.6 (Critical) and weights it against each environment's compliance policy to determine urgency and routing, directing alerts to the appropriate team inbox within each customer organization.

Available
Patch

A patched-image rebuild pinned to Chrome 150.0.7871.46 becomes available on HarborGuard the moment the fix version is confirmed. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker delivers the exploit over the network by directing the victim to a crafted HTML page, so the Chrome process must be reachable to load remote content.

  • AuthenticationNot required

    No account or credential is needed; any unauthenticated remote attacker can serve the malicious page.

  • Victim interactionRequired

    The victim must open or be redirected to a crafted HTML page, making social engineering or a malicious link the delivery mechanism.

  • Attack complexityDetail

    Attack complexity is Low, meaning the exploit is reliable and requires no special race conditions, memory-layout assumptions, or other environmental prerequisites.

Blast Radius

  • The attacker escapes the Chrome renderer sandbox, gaining code execution outside the browser's confined process.
  • With sandbox escape achieved, the attacker can read arbitrary files and stored credentials accessible to the macOS user running Chrome.
  • The attacker can write or modify data on the filesystem or inject into other processes running under the same user account.
  • The attacker can crash or destabilize the browser and any dependent services, causing loss of availability for the affected session.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-14424 is active across all connected registries and pipeline stages, matching any image that packages a Chrome or Chromium binary older than 150.0.7871.46. For environments where a fix-version image can be produced, a patched rebuild at 150.0.7871.46 is queued automatically. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs regression tests, and opens a pull request against affected workloads; for Critical-severity issues the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, the finding is surfaced in the HarborGuard dashboard with severity, affected image list, and fix-version guidance so engineering teams can act directly. Given the sandbox-escape impact of this CVE, customers who cannot immediately rebuild are advised to enforce network policies that restrict which hosts Chrome-based containers can fetch content from, reducing exposure while a patched image is prepared.

See how HarborGuard automates this

Fix available

150.0.7871.46
Affected packages
  • Google / Chrome
    < 150.0.7871.46 (from 150.0.7871.46)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H