Out of Bounds Read in Google Chrome Due to Malicious Extensions
CVE-2026-14406

5.9 MEDIUM

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 1 July 2026

What is CVE-2026-14406?

An out-of-bounds read vulnerability has been identified in the V8 engine of Google Chrome. An attacker who convinces a user to install a malicious Chrome extension can exploit this flaw. Successful exploitation allows the attacker to read potentially sensitive information from the process memory, posing a significant risk to user privacy and data security. Users are advised to ensure they are using updated versions of Chrome to mitigate potential threats from this vulnerability.

Affected Version(s)

Chrome 150.0.7871.46

References

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
