Critical Vulnerability in Google Chrome Allows Remote Code Execution

Critical Vulnerability in Google Chrome Allows Remote Code Execution

First seen 3 Jul 2026, 13:32 UTC EndorlabsLyrie.Ainvd.nist.govcveawg.mitre.org 84% similarity 57.8
Share:

Article Content

Browse articles
ThreatCluster

A critical vulnerability, CVE-2026-14104, was identified in Google Chrome versions prior to 150.0.7871.47. This flaw involves insufficient validation of untrusted input in WebAppInstalls, enabling remote attackers to execute arbitrary code via crafted HTML pages. The vulnerability has been assigned a CVSS score of 9.8, indicating its severity. Affected users are those running the vulnerable versions of Google Chrome. The vulnerability was confirmed by three independent sources before publication. Currently, the Chromium security severity is rated as low, suggesting that while serious, it may not be actively exploited. Users are advised to update to the latest version to mitigate risks. This incident highlights the ongoing need for vigilance in web application security.

Key Points: • CVE-2026-14104 allows remote code execution in vulnerable Google Chrome versions. • The vulnerability affects Chrome versions prior to 150.0.7871.47 with a CVSS score of 9.8. • Users are urged to update to the latest Chrome version to protect against this flaw.

ThreatCluster AI

Timeline

2026-04-08
CVE-2026-5915 published
Another vulnerability, CVE-2026-5915, was disclosed, affecting WebML in Chrome, allowing out of bounds memory writes.
Endorlabs
2026-06-30
CVE-2026-14104 published
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome was disclosed, allowing remote code execution.
Lyrie.Ai
2026-07-03
Vulnerability reported by NVD
NVD confirmed the details of CVE-2026-14104, reiterating the risk of remote code execution.
nvd.nist.gov

Community

Browse all →