CVE-2026-14086
Google · Chrome
Google Chrome suffers from insufficient policy enforcement in the HID (Human Interface Device) component, which may allow restricted actions to be performed.
Executive summary
A high-severity policy enforcement vulnerability in Google Chrome’s HID component could allow attackers to bypass security restrictions.
Vulnerability
The vulnerability stems from insufficient policy enforcement within the HID implementation. This flaw may allow an attacker to bypass intended security policies, potentially leading to unauthorized device interaction.
Business impact
The ability to bypass policy enforcement can lead to unauthorized hardware access or privilege escalation within the browser context. With a CVSS score of 8.8, this vulnerability is considered a high-priority risk that could result in significant security degradation if left unpatched.
Remediation
Immediate Action: Deploy the latest Google Chrome update (version 150 or later) across all enterprise endpoints.
Proactive Monitoring: Monitor logs for unusual HID-related activities or unauthorized device connection attempts reported by security software.
Compensating Controls: Utilize endpoint security policies to restrict browser permissions for HID devices until the update is deployed.
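One way to check an endpoint against the three remediation steps above, as an added example that is not part of the original advisory. It assumes the compensating control is applied through Chrome's WebHID enterprise policies (DefaultWebHidGuardSetting and the WebHid*ForUrls lists), which the advisory does not name, and that the managed policy has already been parsed into a dict; the version string and URL in the sample are constructed.

```python
# Added example: audit one endpoint against the advisory's remediation steps.
# Assumption: Chrome's WebHID enterprise policies are the compensating control;
# the advisory itself names no specific policy.

FIXED_MAJOR = 150   # "version 150 or later" per the advisory
BLOCK_WEBHID = 2    # DefaultWebHidGuardSetting: 2 = block, 3 = sites may ask
ALLOW_LISTS = (     # per-site policies that grant HID access despite a default block
    "WebHidAskForUrls",
    "WebHidAllowAllDevicesForUrls",
    "WebHidAllowDevicesForUrls",
    "WebHidAllowDevicesWithHidUsagesForUrls",
)


def chrome_major(version: str) -> int:
    """Return the major version from a string such as 'Google Chrome 149.0.0.0'."""
    for token in version.split():
        head = token.split(".")[0]
        if head.isdigit():
            return int(head)
    raise ValueError(f"no version number in {version!r}")


def audit(version: str, policy: dict) -> list[str]:
    """List findings for one endpoint; empty means it runs a fixed version."""
    major = chrome_major(version)
    if major >= FIXED_MAJOR:
        return []  # patched: the compensating control is no longer required
    findings = [f"Chrome {major} is below {FIXED_MAJOR}: update required"]
    if policy.get("DefaultWebHidGuardSetting") != BLOCK_WEBHID:
        findings.append("DefaultWebHidGuardSetting is not 2 (block)")
    for name in ALLOW_LISTS:
        if policy.get(name):  # non-empty list: some origins keep HID access
            findings.append(f"{name} still has {len(policy[name])} entries")
    return findings


if __name__ == "__main__":
    # Constructed sample: unpatched endpoint with one per-site exception.
    sample = {"DefaultWebHidGuardSetting": 3, "WebHidAskForUrls": ["https://example.test"]}
    for line in audit("Google Chrome 149.0.0.0", sample):
        print(line)
```

The findings list can be fed into existing endpoint reporting so that unpatched machines without the HID restriction are prioritized for the update.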
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations should treat this high-severity vulnerability with urgency. Promptly applying the vendor-supplied security update is the most effective method for mitigating the risk associated with this policy enforcement flaw.