External risk intelligence

Chromium Chromoting Use After Free Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-14121

The vulnerability exists in Chromoting (Chrome Remote Desktop), which is a client-side application feature typically used for remote access sessions between specific endpoints. It is not a public-facing service, web application, or edge gateway exposed to the general internet by design.

Use After Free

Google Chrome

before 150.0.7871.47

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory details a use-after-free vulnerability in Chrome's Chromoting feature on Linux, which could allow a remote attacker to execute arbitrary code. While the Chromium security severity is rated Low, the broader CVSS score indicates a critical risk if the affected technology is in use. The main concern is confirming relevance and exposure.

  • Code flaw in remote access feature.
  • Remote code execution risk is critical.
  • Verify if this feature is in use.

Attack Path

How an attacker could exploit the issue

A remote attacker could exploit a use-after-free vulnerability in Chromoting to execute arbitrary code by sending specially crafted network traffic to a vulnerable system. This could allow the attacker to gain control over the affected machine.

  • Requires no user interaction or prior access.
  • Triggered by malicious network traffic.
  • Allows arbitrary code execution.

Live Threat

Current exploitation, exposure, and threat context

A use-after-free vulnerability in Chromoting, when supported by the advisory, could allow a remote attacker to execute arbitrary code by sending malicious network traffic. This could impact systems running Google Chrome on Linux.

  • Arbitrary code execution is at risk.
  • Malicious network traffic could trigger the vulnerability.
  • System compromise is a potential consequence.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability affects Google Chrome on Linux, specifically the Chromoting feature. The practical first step is to identify all Linux systems running affected Chrome versions, confirm if Chromoting is enabled and reachable, and then assess business criticality to prioritize remediation. Owners of Chrome deployments and potentially Linux infrastructure teams should lead this effort.

  • Chrome owners should manage remediation.
  • Verify Chromoting usage and reachability.
  • Plan updates during maintenance windows.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Chromoting in Google Chrome?

Chromoting, also known as Chrome Remote Desktop, is a feature within Google Chrome that enables remote access between computing devices. It allows users to control one computer from another over a network. This specific vulnerability affects the Linux implementation of this remote access capability, which relies on the browser to facilitate secure connections between endpoints.

What does use-after-free mean for CVE-2026-14121?

Use-after-free, classified as CWE-416, is a memory management flaw. It occurs when a program continues to use a pointer to a memory location after that memory has been cleared or released. In this CVE, an attacker can manipulate this state by sending malicious network traffic, which may trick the software into executing arbitrary code in the freed memory space.

How is this Chromoting vulnerability triggered?

The flaw is triggered when the affected Chromoting component processes specially crafted network traffic sent by a remote attacker. This process does not require the user to click on anything or have prior system access. However, it requires the Chromoting feature to be active and listening for network connections to receive the malicious traffic.

Do I need to worry about this on my Linux systems?

Halo Surface Signal notes that Chromoting is typically used for specific remote access sessions rather than being an edge gateway exposed to the general internet. If your Linux systems do not use Chromoting for remote access, or if the service is not reachable over the network, your risk profile is significantly lower compared to systems where this feature is actively facilitating external connections.

When should I update Chrome to address this?

You should prioritize updating Google Chrome on all Linux machines to version 150.0.7871.47 or later. Start by auditing your environment to confirm where Chromoting is currently in use. Once identified, schedule these updates within your standard maintenance windows, prioritizing systems that are most critical to your operations or possess higher network visibility.

References