CVE-2026-14086

Google · Chrome

Google Chrome suffers from insufficient policy enforcement in the HID (Human Interface Device) component, which may allow actions that policy is meant to restrict.

Executive summary

A high-severity policy enforcement vulnerability in Google Chrome’s HID component could allow attackers to bypass security restrictions.

Vulnerability

The vulnerability stems from insufficient policy enforcement within the HID implementation. This flaw may allow an attacker to bypass intended security policies, potentially leading to unauthorized device interaction.

Business impact

The ability to bypass policy enforcement can lead to unauthorized hardware access or privilege escalation within the browser context. With a CVSS score of 8.8, this vulnerability is considered a high-priority risk that could result in significant security degradation if left unpatched.

Remediation

Immediate Action: Deploy the latest Google Chrome update (version 150 or later) across all enterprise endpoints.

Proactive Monitoring: Monitor logs for unusual HID-related activities or unauthorized device connection attempts reported by security software.

Compensating Controls: Utilize endpoint security policies to restrict browser permissions for HID devices until the update is deployed.
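The three remediation steps above can be tracked per endpoint. The triage script below is an added example, not vendor or advisory code. It assumes the compensating control is applied through Chrome's WebHID enterprise policies (`DefaultWebHidGuardSetting` and the `WebHid*ForUrls` exception lists), and the inventory records and their field names are constructed for illustration.

```python
FIXED_MAJOR = 150  # advisory: "version 150 or later"
BLOCK_WEBHID = 2   # DefaultWebHidGuardSetting: 2 = block WebHID, 3 = let sites ask

# Per-site policies that re-enable WebHID even when the default is "block".
EXCEPTION_POLICIES = (
    "WebHidAskForUrls",
    "WebHidAllowAllDevicesForUrls",
    "WebHidAllowDevicesForUrls",
    "WebHidAllowDevicesWithHidUsagesForUrls",
)

def chrome_major(version):
    """Return the major version from a string like '149.0.0.0', or None."""
    head = str(version).strip().split(".", 1)[0]
    return int(head) if head.isdigit() else None

def triage(host):
    """Classify a record: patched, mitigated, partial, exposed or unknown."""
    major = chrome_major(host.get("chrome_version", ""))
    if major is None:
        return "unknown"    # no usable version data: treat as needing follow-up
    if major >= FIXED_MAJOR:
        return "patched"
    policy = host.get("policy") or {}
    if policy.get("DefaultWebHidGuardSetting") != BLOCK_WEBHID:
        return "exposed"    # unpatched and no compensating control
    if any(policy.get(name) for name in EXCEPTION_POLICIES):
        return "partial"    # default blocks, but site exceptions still open WebHID
    return "mitigated"

# Constructed sample inventory (hostnames, versions and policies are made up).
INVENTORY = [
    {"host": "wks-01", "chrome_version": "150.0.0.0", "policy": {}},
    {"host": "wks-02", "chrome_version": "149.0.0.0", "policy": {"DefaultWebHidGuardSetting": 2}},
    {"host": "wks-03", "chrome_version": "149.0.0.0", "policy": {"DefaultWebHidGuardSetting": 2, "WebHidAskForUrls": ["https://hid.example"]}},
    {"host": "wks-04", "chrome_version": "148.0.0.0", "policy": {"DefaultWebHidGuardSetting": 3}},
    {"host": "wks-05", "chrome_version": "", "policy": {}},
]

def report(inventory):
    """Map each hostname to its triage status."""
    return {h["host"]: triage(h) for h in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as exposed, partial or unknown are the ones to prioritize for the update, since the compensating control is absent, weakened by site exceptions, or unverifiable there.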

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations should treat this high-severity vulnerability with urgency. Promptly applying the vendor-supplied security update is the most effective method for mitigating the risk associated with this policy enforcement flaw.