Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.6
CVE-2026-14055: Google Chrome on Windows allows remote code execution
CVE-2026-14055
Summary
An attacker who has compromised a Google Chrome process on Windows may be able to escape the browser's security sandbox and potentially run malicious code on the user's computer. This affects Google Chrome versions prior to 150.0.7871.47. To fix this, update to the latest version of Google Chrome.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| chrome |
< 150.0.7871.47 cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
Original title
Insufficient validation of untrusted input in Device Trust in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perfo...
Original description
Insufficient validation of untrusted input in Device Trust in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
nvd CVSS3.1
9.6
Vulnerability type
CWE-20
Improper Input Validation
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_... Release Notes
- https://issues.chromium.org/issues/501857663 Permissions Required
Published: 30 Jun 2026 · Updated: 1 Jul 2026 · First seen: 1 Jul 2026