CVE-2026-14387
Received - Intake

Integer Overflow in Google Chrome Skia Engine

Publication date: 2026-07-01

Last updated on: 2026-07-02

Assigner: Chrome

Description

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-02
Generated: 2026-07-02
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor | Product | Version / Range
google | chrome | up to 150.0.7871.46 (exclusive)

Exploitability

CWE ID | Description
CWE-472 | The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

Executive Summary

This vulnerability is an integer overflow in the Skia component of Google Chrome versions prior to 150.0.7871.46. An integer overflow occurs when the result of a calculation exceeds the maximum value an integer variable can hold, so the stored result is wrong and later code that relies on it can behave unexpectedly.

In this case, the overflow could be exploited by a remote attacker who crafts a malicious HTML page. This crafted page could trigger the overflow and potentially allow the attacker to escape the browser's sandbox, which is a security mechanism designed to isolate processes and prevent malicious code from affecting the system.

Impact Analysis

If exploited, this vulnerability could allow a remote attacker to escape the sandbox environment of Google Chrome. This means the attacker could potentially execute arbitrary code on your system with higher privileges than normally allowed within the browser.

Such an attack could lead to unauthorized access to your system, data theft, installation of malware, or other malicious activities that compromise your device's security.
