CVE-2026-14425: Use after free in ANGLE in Google Chrome prior to 150
Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Metrics
- CVSS v3.1
- 9.6
- Severity
- CRITICAL
- Fixed in
- 150.0.7871.46
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A use-after-free vulnerability in ANGLE, the graphics abstraction layer inside Google Chrome, affects all Chrome versions prior to 150.0.7871.46. The flaw is reachable over the network without authentication, but requires the victim to visit a crafted HTML page delivered by the attacker. Successful exploitation enables a full sandbox escape, giving the attacker read, write, and denial-of-service capability outside the Chrome renderer process. A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected Chrome version.
HarborGuard Coverage
Detection of CVE-2026-14425 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle a Chrome or Chromium runtime.
AvailableHarborGuard scores this CVE at CVSS 9.6 (Critical) and weights it further against each environment's compliance policy before routing the finding to the appropriate team inbox inside the customer org.
AvailableA patched-image rebuild at Chrome 150.0.7871.46 becomes available on HarborGuard for any image found to include an affected version. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs the regression test suite against the new image, and opens a pull request against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityRequired
The attacker delivers the exploit over the network; the target Chrome instance must be reachable by browsing to an attacker-controlled or compromised web page.
- AuthenticationNot required
No account, credential, or prior authentication to any service is needed; any unauthenticated user browsing the web can be targeted.
- Victim interactionRequired
The victim must navigate to or be redirected to a crafted HTML page, making this a social-engineering or drive-by delivery scenario.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental preconditions beyond victim interaction.
Blast Radius
- Attacker escapes the Chrome renderer sandbox and executes code in a higher-privilege process context on the host.
- Confidential data accessible to the browser process (stored credentials, session tokens, locally cached files) becomes readable to the attacker.
- The attacker can write or modify data in process memory and on disk outside the sandbox boundary.
- The attacker can crash Chrome or deny service to the affected session and any dependent browser-based workloads.
How HarborGuard Handles This
Available on HarborGuard: any image that bundles Chrome or Chromium prior to 150.0.7871.46 is flagged at ingestion with a Critical severity finding for CVE-2026-14425. For customers with auto-remediation enabled, HarborGuard rebuilds the image at the patched version, executes the configured regression suite, and opens a pull request against affected workloads; for high and critical severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuild artifact and regression report are staged and a finding notification is routed to the designated team inbox for review. Customers who cannot immediately update are encouraged to apply network-policy controls that restrict untrusted web content delivery to Chrome-based workloads as a compensating measure until the patched image is promoted.
Fix available
- Google / Chrome< 150.0.7871.46 (from 150.0.7871.46)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H