Skip to main content

Google Chrome CVE-2026-14036

| EUVDEUVD-2026-40723 HIGH
Client-Side Enforcement of Server-Side Security (CWE-602)
2026-06-30 chrome-cve-admin@google.com GHSA-jvh2-c5pp-79jm
8.8
CVSS 3.1 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
5.4 MEDIUM

Requires visiting a crafted page (UI:R) with no auth (PR:N); a Bluetooth policy bypass the vendor rates 'Low' implies limited confidentiality and integrity impact, not high-tier C/I/A.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
SUSE
HIGH
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 01, 2026 - 15:33 vuln.today
CVSS changed
Jul 01, 2026 - 15:22 NVD
8.8 (HIGH)
CVE Published
Jun 30, 2026 - 23:17 cve.org
HIGH 8.8
CVE Published
Jun 30, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

AnalysisAI

Privilege escalation in Google Chrome desktop before 150.0.7871.47 stems from insufficient policy enforcement in the Bluetooth subsystem, letting a remote attacker who lures a victim to a crafted HTML page cross a security boundary the browser is supposed to guard. Google's Chrome release channel and the NVD-assigned CVSS 3.1 base score of 8.8 (High) diverge from Chromium's own internal 'Low' severity rating, signaling the practical impact is likely narrower than the raw score implies. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to crafted HTML page
Exploit
Page invokes Web Bluetooth API
Execution
Bypass insufficient policy enforcement
Impact
Escalate privileges within browser boundary

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to actively open or visit an attacker-controlled crafted HTML page (CVSS UI:R makes user interaction mandatory), so it cannot be triggered silently at scale. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals conflict and should be weighed rather than taken at face value. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a crafted HTML page and lures a victim to open it via a phishing link, malicious ad, or compromised site; on load, the page abuses the Bluetooth policy-enforcement gap to reach an access or action boundary that browser policy should have blocked, achieving the described privilege escalation. No public exploit code has been identified, and success depends on the user actually visiting the page (UI:R).
Remediation Vendor-released patch: update Google Chrome to 150.0.7871.47 or later on all desktop platforms; this is delivered automatically through Chrome's built-in updater, so verify auto-update is enabled and relaunch to apply it (visiting chrome://settings/help forces the check). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit Chrome version distribution across the organization to identify systems running versions prior to 150.0.7871.47. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-14036 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy