CVE-2026-14107
Google · Chrome
A use-after-free vulnerability exists in the Scheduling component of Google Chrome, potentially allowing for arbitrary code execution.
Executive summary
A critical use-after-free vulnerability in Google Chrome’s Scheduling component poses a significant risk of arbitrary code execution for affected users.
Vulnerability
This is a use-after-free vulnerability located within the browser's Scheduling engine. The flaw can be triggered by an unauthenticated remote attacker via a specially crafted webpage, leading to memory corruption.
Business impact
The vulnerability carries a CVSS score of 8.8, indicating a high potential for severe impact. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the browser process, leading to a full compromise of user data, session hijacking, or lateral movement within the endpoint environment.
Remediation
Immediate Action: Update all instances of Google Chrome to version 150 or later to resolve the underlying memory management flaw.
Proactive Monitoring: Monitor endpoint logs for unusual browser crashes or unexpected process termination patterns that may indicate exploitation attempts.
Compensating Controls: Deploy endpoint protection platforms (EPP) with exploit prevention capabilities to detect and block anomalous memory access patterns associated with use-after-free attacks.
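To verify the update step above across a fleet, the following added example (not part of the original advisory or any Google tooling) triages an inventory export against the fixed version. It assumes a CSV with hypothetical `host` and `chrome_version` columns; because the advisory names only major version 150, the comparison is on the major version alone, and hosts whose version cannot be parsed are reported separately rather than treated as patched.

```python
import csv
import io
import re

FIXED_MAJOR = 150  # from the advisory: "version 150 or later"

# Constructed sample inventory: hostnames and build numbers are made up.
SAMPLE_INVENTORY = """host,chrome_version
ws-001,150.0.1.2
ws-002,149.0.9999.99
ws-003,
ws-004,151.0.0.0
ws-005,Google Chrome 148.0.10.20
ws-006,not-installed
"""

# Chrome versions have four dotted numeric fields; the first is the major.
VERSION_RE = re.compile(r"\b(\d+)\.\d+\.\d+\.\d+\b")


def chrome_major(version_text):
    """Return the major version as an int, or None if none can be parsed."""
    match = VERSION_RE.search(version_text or "")
    return int(match.group(1)) if match else None


def triage(inventory_csv, fixed_major=FIXED_MAJOR):
    """Sort hosts into patched / vulnerable / unknown by Chrome major version."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        major = chrome_major(row.get("chrome_version"))
        if major is None:
            # Missing or malformed data is not evidence of a patched host.
            result["unknown"].append(row["host"])
        elif major < fixed_major:
            result["vulnerable"].append(row["host"])
        else:
            result["patched"].append(row["host"])
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket need a follow-up inventory query before they can be counted as remediated.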
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity score and the critical nature of browser-based memory corruption flaws, organizations must prioritize patching. Administrators should enforce an immediate update cycle across all managed devices to mitigate the risk of remote code execution.