Google rushed out a fix for Chrome 150 on June 30, 2026, plugging a security hole that could have let attackers silently siphon personal data from Windows users who simply visited a website. The vulnerability, tracked as CVE-2026-14070, affects the browser’s Web Neural Network API (WebNN) and was patched in version 150.0.7871.46 for desktop platforms.

What Actually Changed in Chrome 150

Chrome 150.0.7871.46 landed on desktops June 30, 2026, with a single urgent security fix buried in the Stable Channel update notes. Google confirmed that CVE-2026-14070 is an information-disclosure flaw in WebNN, the browser interface that lets websites run machine-learning models directly on your device’s GPU or NPU. The company rated the bug High severity but offered no further technical details—a common practice to give the update time to propagate before reverse-engineering tools dissect the issue.

The patch changes how Chrome’s WebNN implementation handles memory buffers during AI inference operations. In the vulnerable builds, a crafted website could, under certain conditions, read data that WebNN was processing across different security origins. That might include outputs from other tabs running AI models or, in worst-case scenarios, remnants of sensitive user data left in GPU memory from earlier WebNN calls. Google’s advisory credits an external researcher for the discovery but withholds the reporter’s name and any proof-of-concept details until the update reaches a critical mass of users.

For Chrome users, the update comes through the familiar automatic update mechanism. Most desktop installations will refresh silently within days; power users can force the update via chrome://settings/help. The new build advances the milestone from 150.0.7871.44—released just days earlier with feature improvements—to .46, signaling an out-of-band security fix that jumped the queue.

What This Means for You

Home Users

If you run Chrome on a Windows PC, you were vulnerable every time you browsed to a page that uses WebNN—and you might not have known it. Unlike many browser exploits that require the victim to click a malicious link or download a file, this bug could be triggered simply by visiting a site hosting a cleverly crafted AI-powered feature. Real-world examples include web apps that perform real-time video upscaling, background blurring for videoconferencing, or on-device image classification. While Google says it has no evidence of active exploitation, the risk window remains open for anyone who delays the update. There’s no need to disable WebNN on personal machines once you’re on the patched version, but checking your Chrome build number right now is the only way to be safe.

IT Administrators

Enterprise environments face a steeper challenge. The Chrome 150 milestone introduced several new group policies, but the default configuration leaves WebNN enabled. An unpatched fleet means any internal web tool or third-party site that invokes the AI inference API could become a vector for cross-origin data leakage. Worse, users often bring their own devices or have local admin privileges, which delays updates. This CVE should be treated as a high-priority patch, on par with a bypass of phishing-resistant authentication. Leverage Chrome Browser Cloud Management to force the update to 150.0.7871.46 immediately. If a full rollout will take time, deploy the HardwareAcceleratedWebNNEnabled policy and set it to false across your organizational units, then re-enable after patching. Also, audit any internally hosted sites that rely on WebNN; they may have been assuming a safe execution environment that no longer existed.

Developers

WebNN is still an emerging standard, and browsers are rapidly iterating on its security model. If your web app uses the API, know that the attack surface is real and that Chromium’s team will likely harden it further. The CVE-2026-14070 disclosure did not include sample code, but the nature of information-disclosure bugs in shared hardware contexts suggests that meticulous input sanitization and output handling are insufficient; the entire pipeline needs browser-level sandboxing improvements. Review your service workers and iframe permissions—any approach that commingles WebNN requests from different origins inside the same renderer process could be exploitable in the future, even if the current patch addresses this specific flaw.

How We Got Here: The Rise of Browser-Based AI

WebNN is not yet a household name, but it’s the glue that lets developers tap into hardware-accelerated AI without forcing users to install a plugin or launch a standalone application. Championed by Microsoft, Google, and Intel, the API landed in Chromium behind a flag in 2024, then shipped enabled by default in Chrome 129 for desktop. The promise is compelling: imagine a photo editor that denoises images on the fly, or a language-learning app that transcribes speech without ever sending audio to a cloud server. All the heavy lifting happens inside the browser’s security sandbox—or at least that’s the idea.

In practice, giving website JavaScript access to low-level machine-learning primitives opens new side channels. Unlike traditional web APIs that operate on strings or typed arrays inside a script’s own runtime, WebNN sessions allocate buffers directly in GPU or NPU memory, where multiple tabs and processes might coexist. Earlier security research had warned that errors in memory management could leak data between WebNN contexts. In 2025, a similar information-disclosure bug in WebGPU (CVE-2025-12890) exposed text rendered in one tab to a malicious site running a WebGPU compute shader. That vulnerability, rated Medium at the time, prompted Chromium engineers to re-audit all APIs that interact with hardware acceleration. The result was a series of tighter origin checks, but apparently the WebNN implementation still had a gap.

Chrome’s rapid release cycle—a new milestone every four weeks—sometimes means security fixes get squeezed between feature work. The jump to milestone 150 in June 2026 bundled numerous AI-centric capabilities: on-device translation upgrades, a built-in writing assistant, and background daemon support for system-level AI tasks. With so many code paths touched, it’s unsurprising that a local but potent flaw slipped through pre-release testing. The CVE-2026-14070 bug is a stark reminder that every new browser capability is also a potential attack vector, and that the traditional web security model must evolve to keep pace with hardware-accelerated workloads.

What to Do Now

For most Windows users, the fix is straightforward but urgent. Follow this checklist:

  • Check your version: Type chrome://version in the address bar. The top line should show 150.0.7871.46 or higher. If it’s anything lower, you’re vulnerable.
  • Trigger an update manually: Go to chrome://settings/help. Chrome will download and install the latest build. Click “Relaunch” once it’s ready.
  • Verify after relaunch: Some installation states may need a second manual check—Chrome sometimes applies updates in two stages. Revisit chrome://version to confirm the build number has incremented.
  • Enable auto-updates if disabled: A surprising number of users turn off automatic updates to avoid bandwidth use or unwanted changes. Navigate to chrome://settings/system and toggle on “Automatically update Chrome.” On managed devices, this option may be grayed out—contact your IT department.

For enterprise administrators managing a fleet of Windows devices, the recommended steps are more prescriptive:

  1. Immediate patching: Use your endpoint management tool (Microsoft Intune, SCCM, or GPO) to enforce Chrome version 150.0.7871.46. In Google Admin Console, under Devices > Chrome > Settings > Device Update Settings, select “Force users to auto-update Chrome.”
  2. Temporary WebNN disable: If a zero-day scenario emerges or if you can’t patch overnight, deploy the Chrome ADMX templates and set the HardwareAcceleratedWebNNEnabled policy to false. This kills WebNN access entirely, preventing any site from exploiting the flaw. Once the patched version is verified across 100% of devices, revert to the default true setting.
  3. Monitor existing sessions: Pull reports from your SIEM or Chrome Browser Cloud Management logs to identify any anomalous cross-origin read attempts that may have occurred before patching. Look for spikes in GPU memory access errors or WebNN API calls from unfamiliar domains.
  4. Review internal web apps: If your organization hosts any tools that depend on WebNN (e.g., a private document scanner or a low-latency translation widget), alert their owners that the API may have been a liability and coordinate a post-mortem.
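To track steps 1 and 2 across a fleet, the sketch below (an added example, not tooling from Google or the original article) sorts hosts into patched, mitigated, exposed, or unknown. The CSV layout, column names, and host names are hypothetical and the sample rows are constructed; only the fixed build number and the policy name come from the article.

```python
import csv
import io

FIXED_BUILD = "150.0.7871.46"               # patched build named in the article
POLICY = "HardwareAcceleratedWebNNEnabled"  # policy named in the article

# Constructed sample inventory; the column layout is an assumption.
SAMPLE_INVENTORY = """\
host,chrome_version,HardwareAcceleratedWebNNEnabled
ws-001,150.0.7871.46,
ws-002,150.0.7871.44,
ws-003,150.0.7871.44,false
ws-004,149.0.7800.120,true
ws-005,150.0.7871.100,
ws-006,not-installed,
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted 4-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(row):
    """Classify one inventory row against the fixed build and the policy."""
    version = parse_version(row["chrome_version"])
    if version is None:
        return "unknown"  # needs a manual check, never assume patched
    # Compare numerically: as plain strings, "150.0.7871.100" would sort
    # below "150.0.7871.46" and a patched host would be flagged.
    if version >= parse_version(FIXED_BUILD):
        return "patched"
    # An unset policy means WebNN keeps its default (enabled) state, so
    # only an explicit "false" counts as the temporary mitigation.
    if row[POLICY].strip().lower() == "false":
        return "mitigated"
    return "exposed"


def triage_inventory(csv_text):
    """Map each host in the CSV text to its triage status."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: triage(row) for row in reader}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as mitigated still need the update; the policy is only meant to cover the gap until the patched build is installed.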

Outlook

The CVE-2026-14070 patch closes one door, but it also opens a larger conversation. As AI features become standard in browsers, the Chromium project will need to publish clearer security guidance for API consumers. Expect a series of hardening commits in the Chromium source code over the next few weeks, likely reflected in the Chrome 151 beta and eventually backported to the extended stable channel for enterprises. Meanwhile, the W3C’s WebNN working group will almost certainly update its security considerations document to address memory isolation across hardware contexts. For Windows users, the best defense remains unglamorous but effective: relentless automatic updating. This bug wasn’t exploited in the wild, but the next one might be—and it may target the same AI pipelines we’re just starting to trust.