CVE-2026-14152
Chromium Vulnerability Analysis and Mitigation

Overview

CVE-2026-14152 is an out-of-bounds read and write vulnerability in ANGLE (Almost Native Graphics Layer Engine) in Google Chrome. It affects all Chrome versions prior to 150.0.7871.47 on Windows, Mac, and Linux. A remote attacker who has already compromised the renderer process can exploit this flaw via a crafted HTML page to potentially escape the renderer sandbox. The vulnerability was published on June 30, 2026, and is rated Low severity by Chromium's internal security team; a formal CVSS base score has not yet been assigned (GitHub Advisory, Chrome Releases).

Technical details

The vulnerability is classified as CWE-787 (Out-of-bounds Write), with CWE-125 (Out-of-bounds Read) as an additional estimated classification. It resides in Chrome's ANGLE graphics abstraction layer, which translates OpenGL ES API calls to platform-specific graphics APIs. An attacker who has already achieved renderer process compromise can trigger out-of-bounds memory reads and writes through a specially crafted HTML page, potentially leveraging this to break out of the renderer sandbox. Exploitation requires a pre-existing renderer compromise as a precondition, making this a second-stage or chained exploit primitive rather than a standalone remote code execution vector. The flaw is tracked in the Chromium issue tracker as issue #517534944 (GitHub Advisory, Chrome Releases).

Impact

Successful exploitation allows an attacker who has already compromised the Chrome renderer process to perform a sandbox escape, potentially gaining code execution at a higher privilege level on the host system. This could enable access to sensitive data outside the browser sandbox, persistence mechanisms, or further lateral movement within the affected system. The practical impact is contingent on the attacker first achieving renderer compromise through a separate vulnerability (GitHub Advisory).

Mitigation and workarounds

Google has addressed this vulnerability in Chrome 150.0.7871.47 (Windows/Mac) and 150.0.7871.46 (Linux), released on June 30, 2026. Users and administrators should update Chrome to version 150.0.7871.47 or later immediately. As an additional control, organizations can implement network-level restrictions to limit user access to untrusted or unknown websites that could serve as initial exploitation vectors for renderer compromise (Chrome Releases, GitHub Advisory).

Source: This report was generated using AI

Related Chromium vulnerabilities:

CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date
CVE-2026-14156 | NONE | N/A | Chromium | chromium | No | No | Jun 30, 2026
CVE-2026-14155 | NONE | N/A | Chromium | chromium | No | No | Jun 30, 2026
CVE-2026-14154 | NONE | N/A | Chromium | chromium | No | No | Jun 30, 2026
CVE-2026-14153 | NONE | N/A | Chromium | chromium | No | No | Jun 30, 2026
CVE-2026-14152 | NONE | N/A | Chromium | chromium | No | No | Jun 30, 2026
