CVE-2026-14389

Google · Chrome

An integer overflow vulnerability exists in the Skia graphics library within Google Chrome prior to version 150.

Executive summary

An integer overflow vulnerability in the Skia graphics library of Google Chrome prior to version 150 could result in arbitrary code execution or application crashes.

Vulnerability

This vulnerability involves an integer overflow condition within the Skia graphics library. An unauthenticated attacker could exploit this by tricking a user into rendering malicious graphics content, leading to memory corruption.

Business impact

Integer overflows in graphics engines are frequently exploited to gain control over the execution flow of an application. With a CVSS score of 8.3, this high-severity vulnerability represents a significant risk to the integrity of the browser environment and could facilitate broader attacks on the underlying operating system.

Remediation

Immediate Action: Update all Google Chrome instances to version 150 or later to ensure the Skia library is patched.

Proactive Monitoring: Audit browser logs for unusual activity and ensure that endpoint security software is configured to detect process injection attempts.

Compensating Controls: Implement organizational web filtering to prevent users from navigating to known malicious or untrusted websites that may host exploit content.
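To support the Immediate Action step, the following added example (not part of the original advisory) audits a fleet inventory for Chrome builds below major version 150. The tab-separated inventory format, the host names and the sample version strings are constructed for illustration; the four-part dotted version format is an assumption about what the inventory reports.

```python
import re

FIXED_MAJOR = 150  # first fixed major version, as stated in this advisory

# Assumes a four-part dotted version somewhere in the reported string.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory: "<host>\t<reported version string>"
SAMPLE_INVENTORY = """\
ws-001\tGoogle Chrome 149.0.7204.50
ws-002\tGoogle Chrome 150.0.7300.12
ws-003\tGoogle Chrome 151.0.7350.3 beta
ws-004\tunknown
ws-005\tGoogle Chrome 99.0.4844.51
srv-010\t
"""

def parse_major(version_text):
    """Return the major version as an int, or None if no version is present."""
    match = VERSION_RE.search(version_text)
    return int(match.group(1)) if match else None

def audit(inventory_text, fixed_major=FIXED_MAJOR):
    """Sort hosts into patched / vulnerable / unknown buckets."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition("\t")
        major = parse_major(version_text)
        if major is None:
            # Fail closed: a host with no readable version needs follow-up.
            report["unknown"].append(host)
        elif major >= fixed_major:
            report["patched"].append(host)
        else:
            # Integer comparison: a string compare would rank "99" above "150".
            report["vulnerable"].append((host, major))
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY)
    for host, major in result["vulnerable"]:
        print(f"UPDATE REQUIRED  {host}  (Chrome {major} < {FIXED_MAJOR})")
    for host in result["unknown"]:
        print(f"VERIFY MANUALLY  {host}  (no version reported)")
```

Hosts in the `unknown` bucket should be treated as unpatched until their version is confirmed.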

Exploitation status

Public Exploit Available: false

Analyst recommendation

IT administrators should prioritize the remediation of this vulnerability as part of the standard patch management cycle. Failure to update may expose users to browser-based attacks that leverage graphics rendering flaws to gain elevated control.