CVE-2026-14422
Google · Chrome
An out-of-bounds read and write vulnerability exists in the Tint component of Google Chrome prior to version 150.
Executive summary
Google Chrome versions prior to 150 are susceptible to an out-of-bounds memory access flaw in the Tint component, posing a critical risk of system compromise.
Vulnerability
The vulnerability consists of an out-of-bounds read and write condition within the Tint component. An unauthenticated attacker could leverage this flaw to manipulate memory, potentially resulting in unauthorized access or arbitrary code execution.
Business impact
Memory corruption vulnerabilities like out-of-bounds read/write are often leveraged to bypass security protections such as ASLR. With a CVSS score of 8.8, this high-severity vulnerability could lead to total loss of confidentiality and integrity of the affected workstation, necessitating an urgent patching cycle.
Remediation
Immediate Action: Deploy the latest security update for Google Chrome (version 150 or higher) across all endpoints.
Proactive Monitoring: Monitor endpoint detection and response (EDR) alerts for suspicious crash reports or memory access violations involving the browser process.
Compensating Controls: Use browser-level security policies to restrict the execution of untrusted scripts and enforce strict site isolation.
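To confirm the rollout above, the following added example (not part of the original advisory) audits a host inventory against the fixed version. It assumes each line holds a hostname, a tab, and the text the browser prints for --version; the hostnames and build numbers are constructed, and only the major version is compared because the advisory gives only "150".

```python
import re

FIXED_MAJOR = 150  # first fixed major version, per the advisory

# Constructed sample inventory: "<hostname>\t<browser --version output>"
SAMPLE_INVENTORY = """\
ws-001\tGoogle Chrome 149.0.7000.10
ws-002\tGoogle Chrome 150.0.7100.5
ws-003\tGoogle Chrome 151.0.7200.0 beta
ws-004\tGoogle Chrome 99.0.4844.51
ws-005\t
ws-006\tGoogle Chrome unknown
"""

# Four dotted numeric components, e.g. 150.0.7100.5
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def classify(version_output):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    match = VERSION_RE.search(version_output or "")
    if not match:
        # Missing or unparseable data is flagged for follow-up, never
        # counted as patched.
        return "unknown"
    # Compare as an integer: a string comparison would rank "99" above "150".
    major = int(match.group(1))
    return "patched" if major >= FIXED_MAJOR else "vulnerable"


def audit(inventory_text):
    """Group hostnames by patch status."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version_output = line.partition("\t")
        report[classify(version_output)].append(host.strip())
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check, since an endpoint that returns no version may simply have failed to report.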
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score and the nature of memory corruption flaws, organizations must treat this update with high priority. Promptly updating all instances of Chrome is the only effective method to mitigate the risk of exploitation.