CVE-2026-14087

Google · Chrome for Windows

A heap buffer overflow vulnerability in the WebNN component of Google Chrome on Windows could allow for memory corruption and code execution.

Executive summary

A heap buffer overflow in the WebNN component of Google Chrome on Windows presents a critical risk of arbitrary code execution.

Vulnerability

This is a heap buffer overflow vulnerability located in the WebNN (Web Neural Network) API. It can be triggered by an unauthenticated attacker who lures a user into visiting a specially crafted webpage that interacts with the vulnerable API.

Business impact

Successful exploitation allows an attacker to manipulate heap memory, which is a common precursor to gaining arbitrary code execution on the host machine. Given the 8.8 CVSS score, this vulnerability poses a severe risk to organizational assets, potentially facilitating malware installation or lateral movement within a network.

Remediation

Immediate Action: Apply the vendor-provided security update to Chrome for Windows, ensuring all instances are upgraded to version 150 or later.

Proactive Monitoring: Analyze network traffic for unusual patterns associated with WebNN API calls or unexpected browser behavior.

Compensating Controls: Employ browser-based security policies or extensions that restrict script execution from untrusted sources to mitigate potential attack vectors.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability highlights the risk inherent in modern browser APIs like WebNN. Administrators must treat this as a high-priority update and verify that all Windows endpoints have successfully upgraded to the patched version to neutralize the threat.
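
One way to carry out the upgrade verification called for under Remediation and in the analyst recommendation, as an added example that is not part of the original advisory or any vendor tooling: a PowerShell audit that compares every local Chrome install against the fixed major version (150). The default install paths, and the use of `new_chrome.exe` as the marker of an update that is staged but not yet applied, are assumptions about a standard Chrome deployment.

```powershell
# Added example: audit local Chrome installs against the advisory's fixed version.
$FixedMajor = 150   # from the advisory: "version 150 or later"

# Default install roots (assumed); add custom deployment paths if you use any.
$roots = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application"
)
# Per-user installs live under each profile's AppData\Local.
$roots += Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Google\Chrome\Application' }

$results = foreach ($root in $roots | Where-Object { $_ -and (Test-Path $_) }) {
    $exe = Join-Path $root 'chrome.exe'
    if (-not (Test-Path $exe)) { continue }
    $version = [version](Get-Item $exe).VersionInfo.ProductVersion

    # new_chrome.exe sits beside chrome.exe when an update has been downloaded
    # but the browser was not relaunched: the old binary is still the one running.
    $staged = Join-Path $root 'new_chrome.exe'
    $stagedVersion = if (Test-Path $staged) {
        [version](Get-Item $staged).VersionInfo.ProductVersion
    }

    $status = if ($version.Major -ge $FixedMajor) {
        'Patched'
    } elseif ($stagedVersion -and $stagedVersion.Major -ge $FixedMajor) {
        'RestartPending'   # fix is on disk, but the endpoint is still exposed
    } else {
        'Vulnerable'
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Path          = $exe
        Version       = $version
        StagedVersion = $stagedVersion
        Status        = $status
    }
}

$results | Format-Table -AutoSize

# Non-zero exit lets an RMM or scheduled task flag the endpoint for follow-up.
if (@($results | Where-Object Status -ne 'Patched').Count -gt 0) { exit 1 }
```

Endpoints reported as `RestartPending` have downloaded the update but still run the old build until Chrome is relaunched, so they should be tracked as unpatched.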