CVE-2026-14149

Google · Chrome

A use-after-free vulnerability exists in the Audio component of Google Chrome on Linux, potentially allowing for arbitrary code execution.

Executive summary

A critical use-after-free vulnerability in the Linux version of Google Chrome’s Audio component presents a severe risk of arbitrary code execution for Linux-based systems.

Vulnerability

This flaw exists within the audio processing subsystem of Google Chrome on the Linux platform. An unauthenticated remote attacker can trigger this use-after-free condition by enticing a user to visit a malicious site with crafted audio elements.

Business impact

The CVSS score of 8.8 highlights the severity of this vulnerability. For Linux environments, which are often used in critical infrastructure or development roles, exploitation could lead to privilege escalation or full system compromise, causing significant operational disruption and data loss.

Remediation

Immediate Action: Apply the vendor-provided security updates to move all Linux-based Google Chrome installations to version 150 or later.

Proactive Monitoring: Monitor Linux system logs and browser process behavior for abnormal audio-processing failures or unexpected crashes indicative of memory corruption.

Compensating Controls: Implement organizational policies that restrict browser access to known-safe domains or utilize sandboxing technologies to contain the browser process.
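
The following is an added example, not part of the original advisory, for the Immediate Action step: a POSIX shell audit that classifies `google-chrome --version` output against the fixed major version 150 stated above. The host names, build numbers, function names and the tab-separated inventory format are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Linux Chrome installs below the fixed major version.
FIXED_MAJOR=150            # from the advisory: "version 150 or later"
TAB=$(printf '\t')         # inventory field separator (assumed format)

# chrome_major "<output of google-chrome --version>"
# Prints the major version; returns 1 when no dotted version is present.
chrome_major() {
    major=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.[0-9][0-9.]*.*$/\1/p' | head -n 1)
    [ -n "$major" ] || return 1
    printf '%s\n' "$major"
}

# classify "<version output>" -> VULNERABLE | PATCHED | UNKNOWN
# UNKNOWN covers hosts where the command failed or returned nothing.
classify() {
    if ! m=$(chrome_major "$1"); then
        echo UNKNOWN
        return 0
    fi
    if [ "$m" -lt "$FIXED_MAJOR" ]; then echo VULNERABLE; else echo PATCHED; fi
}

# Reads "host<TAB>version output" lines on stdin, prints "host<TAB>status",
# and returns non-zero if any host is not confirmed PATCHED.
audit_inventory() {
    bad=0
    while IFS=$TAB read -r host ver; do
        [ -n "$host" ] || continue
        status=$(classify "$ver")
        printf '%s\t%s\n' "$host" "$status"
        [ "$status" = PATCHED ] || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample inventory (hosts and build numbers are made up).
sample_inventory() {
    printf 'build-01\tGoogle Chrome 149.0.7800.12\n'
    printf 'dev-02\tGoogle Chrome 150.0.7900.3 beta\n'
    printf 'kiosk-03\tsh: google-chrome: not found\n'
}

sample_inventory | audit_inventory || echo "unpatched or unverified hosts found"
```

Treating UNKNOWN as a failure keeps hosts where the version could not be read on the follow-up list instead of silently counting them as patched.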

Exploitation status

Public Exploit Available: false

Analyst recommendation

Because this vulnerability affects Chrome on Linux specifically, system administrators should audit their Linux endpoints and deploy the latest patches immediately to neutralize this threat.