INT Overflow in ANGLE (Chrome <=150.0.7871.46) on Windows
CVE-2026-14391 Published on July 1, 2026

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

NVD

Vulnerability Analysis

CVE-2026-14391 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is an Assumed-Immutable Parameter Tampering Vulnerability?

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

CVE-2026-14391 has been classified to as an Assumed-Immutable Parameter Tampering vulnerability or weakness.


Products Associated with CVE-2026-14391

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

 

Affected Versions

Google Chrome: