Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.6
CVE-2026-14037: Google Chrome GPU Policy Bypass via Malicious Page
CVE-2026-14037
Summary
A remote attacker who has already compromised a user's browser can create a malicious webpage that could potentially break out of the browser's security sandbox. This affects users of Google Chrome prior to a specific version. To fix this, update to the latest version of Google Chrome.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| chrome |
< 150.0.7871.47 cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
Original title
Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craft...
Original description
Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
nvd CVSS3.1
9.6
Vulnerability type
CWE-693
Protection Mechanism Failure
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_... Release Notes
- https://issues.chromium.org/issues/496522611 Permissions Required
Published: 30 Jun 2026 · Updated: 1 Jul 2026 · First seen: 1 Jul 2026