CVE-2026-14395

Google · Chrome

An out-of-bounds write vulnerability exists in the V8 engine of Google Chrome prior to version 150, potentially allowing for arbitrary code execution.

Executive summary

An out-of-bounds write vulnerability in Google Chrome's V8 engine creates a high-risk scenario for memory corruption and potential arbitrary code execution.

Vulnerability

This is a memory corruption vulnerability categorized as an out-of-bounds write within the V8 JavaScript engine. An unauthenticated remote attacker could exploit this by convincing a user to visit a specially crafted web page.

Business impact

With a CVSS score of 8.8, this vulnerability represents a severe threat to the integrity and confidentiality of local systems. Successful exploitation could lead to arbitrary code execution within the context of the browser, potentially resulting in the exfiltration of sensitive session data or pivot opportunities into the internal network.

Remediation

Immediate Action: Apply the vendor-provided security update to version 150 or higher as soon as it is available.

Proactive Monitoring: Review web proxy and firewall logs for traffic patterns associated with known malicious domains or anomalous browser activity.

Compensating Controls: Utilize browser-based security extensions and ensure that hardware-enforced memory protections are active on endpoints.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Memory corruption vulnerabilities in core browser components are frequently targeted by threat actors. It is imperative that IT teams verify their update deployment channels and ensure all Chrome installations are patched to the latest version to prevent exploitation.
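
To support the patch-verification step recommended above, the following added example (not part of the original advisory or any vendor tooling) triages an endpoint inventory export against the fixed major version 150. The CSV layout, hostnames and full version strings are constructed for illustration; only the threshold of 150 comes from this advisory.

```python
import csv
import io
import re

FIXED_MAJOR = 150  # from the advisory: versions prior to 150 are affected

# Constructed sample inventory export (hosts and version strings are made up).
SAMPLE_INVENTORY = """host,chrome_version
ws-001,150.0.7900.10
ws-002,149.0.7811.98
ws-003,150.0.7900.10
ws-003,148.0.7700.55
kiosk-7,
build-2,Chrome 149.0.7811.98
"""

def classify(version):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    m = re.fullmatch(r"(\d+)(?:\.\d+)*", version.strip(), re.ASCII)
    if m is None:
        # Empty or unparseable values are flagged for review, never assumed safe.
        return "unknown"
    return "patched" if int(m.group(1)) >= FIXED_MAJOR else "vulnerable"

def triage(inventory_csv):
    """Map each host to its worst status across all recorded installations.

    A host can report several installations (for example per-user and
    system-wide); one outdated copy keeps the host in the vulnerable set.
    """
    rank = {"patched": 0, "unknown": 1, "vulnerable": 2}
    hosts = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["chrome_version"] or "")
        host = row["host"]
        if rank[status] >= rank[hosts.get(host, "patched")]:
            hosts[host] = status
    return hosts

if __name__ == "__main__":
    # Print only the hosts that still need patching or manual review.
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        if status != "patched":
            print(f"{host}: {status}")
```

Hosts reported as unknown should be checked manually, since a missing or malformed version field often means the inventory agent is not reporting correctly.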