CVE-2026-14104
Google · Chrome
Google Chrome contains a vulnerability in WebAppInstalls due to insufficient validation of untrusted input, potentially allowing malicious application installation.
Executive summary
A high-severity input validation flaw in Google Chrome’s WebAppInstalls component creates a risk of unauthorized application installation.
Vulnerability
This vulnerability involves the improper validation of untrusted input during the web application installation process. This could allow an attacker to trick the system into installing unauthorized or malicious web applications.
Business impact
Exploitation of this flaw could facilitate the installation of malicious software, leading to malware infection or unauthorized persistence on user systems. The CVSS score of 8.8 highlights the severity of this issue and the risk it poses to the integrity of the browser environment.
Remediation
Immediate Action: Ensure all Chrome installations are upgraded to version 150 or higher to address the input validation errors.
Proactive Monitoring: Review audit logs for suspicious web application installation events or unauthorized browser-based activity.
Compensating Controls: Implement browser management policies that restrict the installation of web applications until the browser is fully patched.
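One way to verify the Immediate Action item across a fleet is to classify each endpoint's reported Chrome version against the fixed major version. This is an added example, not part of the advisory: the host names, version strings and inventory format are constructed, and only the threshold of 150 comes from the text above.

```python
import re

FIXED_MAJOR = 150  # from the advisory: "version 150 or higher"

# Matches a four-part Chrome version such as 149.0.7000.10 anywhere in the string.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory (host,reported version string); not real data.
SAMPLE_INVENTORY = """\
ws-001,Google Chrome 149.0.7000.10
ws-002,Google Chrome 150.0.7100.5
ws-003,151.0.7200.1
ws-004,
ws-005,Google Chrome 15.0.874.121
ws-006,unknown build
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """PATCHED, VULNERABLE, or UNKNOWN when no version could be read."""
    version = parse_version(text)
    if version is None:
        return "UNKNOWN"
    # Compare as integers: a string compare would rank "15" next to "150".
    return "PATCHED" if version[0] >= FIXED_MAJOR else "VULNERABLE"

def audit(inventory):
    """Map each host in 'host,version' lines to its classification."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, reported = line.partition(",")
        results[host.strip()] = classify(reported)
    return results

def needs_action(results):
    """Hosts that are vulnerable or could not be verified."""
    return sorted(h for h, s in results.items() if s != "PATCHED")

if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    for host, status in report.items():
        print(f"{host}\t{status}")
    print("needs action:", ", ".join(needs_action(report)))
```

Hosts reported as UNKNOWN are listed alongside vulnerable ones so that an endpoint with no readable version is not counted as patched.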
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability presents a clear risk to endpoint integrity. Security administrators must prioritize the deployment of the latest Google Chrome update to prevent potential exploitation and maintain a secure browser environment.