CVE-2026-14102

Google · Chrome

A use-after-free vulnerability exists in the Passwords management component of Google Chrome prior to version 150, posing a risk of memory corruption.

Executive summary

A high-severity use-after-free vulnerability in Google Chrome’s password management system could allow attackers to execute arbitrary code or access sensitive credentials.

Vulnerability

This vulnerability is a use-after-free flaw in the password handling logic of Google Chrome. The issue could allow an attacker to corrupt memory, potentially leading to unauthorized access to stored credentials or remote code execution.

Business impact

The potential for unauthorized access to stored credentials makes this a critical concern for both individual and enterprise environments. Given the CVSS score of 8.8, a successful compromise could facilitate credential harvesting, leading to further lateral movement across the network and significant data loss.

Remediation

Immediate Action: Update all installations of Google Chrome to version 150 or later to patch the vulnerable password management component.

Proactive Monitoring: Audit logs for suspicious browser activity and monitor for unusual login patterns that might suggest credential theft.

Compensating Controls: Implement multi-factor authentication (MFA) across all corporate accounts to minimize the impact if browser-stored credentials are compromised.
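To verify the Immediate Action across a fleet, the following added example (not part of the original advisory or any Google tooling) audits an inventory export against the fixed version 150. The CSV layout, hostnames and version strings are constructed assumptions; hosts with missing or unparseable versions are reported separately rather than treated as patched.

```python
import csv
import io
import re

PATCHED_MAJOR = 150  # from the advisory: fixed in Chrome 150 and later

# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = """host,chrome_version
ws-001,Google Chrome 150.0.1000.10
ws-002,Google Chrome 149.0.999.87
ws-003,148.0.900.1
srv-010,
ws-004,Google Chrome 151.0.1100.5 beta
ws-005,unknown build
"""

# A four-part dotted version that is not embedded in a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.\d+\.\d+\.\d+(?![\d.])")


def chrome_major(raw):
    """Return the major version from a four-part Chrome version string, or None."""
    match = VERSION_RE.search(raw or "")
    return int(match.group(1)) if match else None


def audit(inventory_csv, patched_major=PATCHED_MAJOR):
    """Classify each host as 'patched', 'vulnerable' or 'unknown'."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        major = chrome_major(row.get("chrome_version"))
        if major is None:
            # Missing or unparseable data is not evidence of a patch; follow up.
            result["unknown"].append(row["host"])
        elif major >= patched_major:
            result["patched"].append(row["host"])
        else:
            result["vulnerable"].append(row["host"])
    return result


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    for status in ("vulnerable", "unknown", "patched"):
        print(f"{status}: {', '.join(report[status]) or '-'}")
```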

Exploitation status

Public Exploit Available: false

Analyst recommendation

The intersection of browser memory corruption and credential management represents a significant security risk. It is imperative that organizations prioritize the immediate patching of the Chrome browser to protect user credentials and maintain the integrity of their authentication processes.