Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
9.6

CVE-2026-14037: Google Chrome GPU Policy Bypass via Malicious Page

CVE-2026-14037
Summary

A remote attacker who has already compromised a user's browser can create a malicious webpage that could potentially break out of the browser's security sandbox. This affects users of Google Chrome prior to a specific version. To fix this, update to the latest version of Google Chrome.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versions
google chrome < 150.0.7871.47
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Original title
Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craft...
Original description
Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
nvd CVSS3.1 9.6
Vulnerability type
CWE-693 Protection Mechanism Failure
Published: 30 Jun 2026 · Updated: 1 Jul 2026 · First seen: 1 Jul 2026