CVE-2026-14080: Insufficient validation of untrusted input in Google Chrome
CVE-2026-14080 is a vulnerability in Google Chrome on Android where insufficient validation of untrusted input in the TabSwitcher component allowed a remote attacker to bypass navigation restrictions. This issue affects versions prior to 150.0.7871.47. The vulnerability is rated with low severity by Chromium security. No CVSS score is provided.
AI Analysis
Technical Summary
The vulnerability CVE-2026-14080 involves insufficient validation of untrusted input within the TabSwitcher feature of Google Chrome on Android. This flaw could allow a remote attacker to bypass navigation restrictions by leveraging malicious network traffic. The issue affects Chrome versions before 150.0.7871.47. The Chromium security team has assigned a low severity rating to this vulnerability. There is a vendor advisory available but it does not explicitly state the patch or remediation status.
Potential Impact
A remote attacker could bypass navigation restrictions in affected versions of Google Chrome on Android by exploiting insufficient input validation in the TabSwitcher component. This could potentially allow navigation to unintended or malicious pages. The impact is considered low severity by the vendor.
Mitigation Recommendations
Patch status is not yet confirmed from the vendor advisory. Users should update to version 150.0.7871.47 or later once available. Monitor the official Google Chrome release blog for updates and apply the stable channel update when released. No specific temporary mitigations are provided.
CVE-2026-14080: Insufficient validation of untrusted input in Google Chrome
Description
CVE-2026-14080 is a vulnerability in Google Chrome on Android where insufficient validation of untrusted input in the TabSwitcher component allowed a remote attacker to bypass navigation restrictions. This issue affects versions prior to 150.0.7871.47. The vulnerability is rated with low severity by Chromium security. No CVSS score is provided.
Affected software
pkg:github/chromium/chromiumRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-14080 involves insufficient validation of untrusted input within the TabSwitcher feature of Google Chrome on Android. This flaw could allow a remote attacker to bypass navigation restrictions by leveraging malicious network traffic. The issue affects Chrome versions before 150.0.7871.47. The Chromium security team has assigned a low severity rating to this vulnerability. There is a vendor advisory available but it does not explicitly state the patch or remediation status.
Potential Impact
A remote attacker could bypass navigation restrictions in affected versions of Google Chrome on Android by exploiting insufficient input validation in the TabSwitcher component. This could potentially allow navigation to unintended or malicious pages. The impact is considered low severity by the vendor.
Mitigation Recommendations
Patch status is not yet confirmed from the vendor advisory. Users should update to version 150.0.7871.47 or later once available. Monitor the official Google Chrome release blog for updates and apply the stable channel update when released. No specific temporary mitigations are provided.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-06-29T23:11:38.056Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html","vendor":"Google"}]
Threat ID: 6a444c3127e9c7971985d3be
Added to database: 06/30/2026, 23:07:29 UTC
Last enriched: 07/01/2026, 00:53:33 UTC
Last updated: 07/01/2026, 02:11:12 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.