Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.6
CVE-2026-14056: Google Chrome: Compromised Videos Can Escape Security
CVE-2026-14056
Summary
A security issue in Google Chrome's media player allows an attacker who has already compromised a user's Chrome session to potentially take control of the entire system by creating a malicious video file. This issue affects users who have not updated to the latest version of Google Chrome. To stay safe, update to the latest version of Google Chrome.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| chrome |
< 150.0.7871.47 cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
Original title
Insufficient validation of untrusted input in Media in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escap...
Original description
Insufficient validation of untrusted input in Media in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Low)
nvd CVSS3.1
9.6
Vulnerability type
CWE-20
Improper Input Validation
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_... Release Notes
- https://issues.chromium.org/issues/501888426 Permissions Required
Published: 30 Jun 2026 · Updated: 1 Jul 2026 · First seen: 1 Jul 2026