Skip to main content

Google Chrome CVE-2026-14423

| EUVDEUVD-2026-41187 CRITICAL
Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)
2026-07-01 Chrome GHSA-7wm2-2f2v-872x
9.6
CVSS 3.1 · Vendor: Chrome
Share

Severity by source

Vendor (Chrome) PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
9.6 CRITICAL

Remote crafted page needs user to visit (UI:R) but no auth (PR:N); sandbox escape breaks the containment boundary (S:C) with total host impact (C/I/A:H).

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
SUSE
CRITICAL
qualitative

Primary rating from Vendor (Chrome).

CVSS VectorVendor: Chrome

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 02, 2026 - 01:22 vuln.today
CVSS changed
Jul 02, 2026 - 00:22 NVD
9.6 (CRITICAL)
CVE Published
Jul 01, 2026 - 22:21 cve.org
UNKNOWN (no severity yet)
CVE Published
Jul 01, 2026 - 22:21 cve.org
CRITICAL 9.6

DescriptionCVE.org

Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

AnalysisAI

Sandbox escape via type confusion in Tint, the WGSL shader compiler within Chrome's Dawn/WebGPU stack, affects Google Chrome desktop versions prior to 150.0.7871.46. A remote attacker who lures a victim to a crafted HTML page can trigger the flaw (CWE-843) to potentially break out of the renderer/GPU sandbox and gain broader access on the host. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to crafted WebGPU page
Delivery
Deliver malicious WGSL shader
Exploit
Trigger type confusion in Tint
Execution
Corrupt GPU-process memory
Persist
Escape browser sandbox
Impact
Execute code on host

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to actively load an attacker-controlled HTML page that invokes WebGPU (CVSS UI:R confirms required user interaction), and the crafted page must supply shader input that reaches the vulnerable Tint/WGSL compilation path - so WebGPU/GPU acceleration must be enabled in the victim's Chrome (the default on supported hardware). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H = 9.6) signals a network-reachable, low-complexity, unauthenticated flaw whose only gating factor is user interaction (visiting a page), with a scope change reflecting the sandbox escape and total confidentiality/integrity/availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts or injects a malicious HTML page containing crafted WebGPU shader code and lures a victim to open it (phishing link, malvertising, or compromised site). When Chrome's Tint compiler processes the shader, the type confusion corrupts GPU-process memory, which the attacker leverages to attempt a sandbox escape and gain code execution outside the browser sandbox. …
Remediation Vendor-released patch: update Google Chrome to 150.0.7871.46 or later on the Stable channel; Chrome normally auto-updates, so verify the version under chrome://settings/help and relaunch to apply, and push the update through enterprise management (GPO/MDM) to guarantee coverage across the fleet, per the advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify Chrome desktop deployment scope and establish patch deployment timeline across endpoints. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Package Hub 15 SP7 Fixed
openSUSE Tumbleweed Fixed
SUSE Package Hub 15 SP7 Affected

Share

CVE-2026-14423 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy