Google fixed CVE-2026-14000 in the Chrome 150 stable release on June 30, 2026, after disclosing that older Chrome builds could allow a remote attacker to inject arbitrary scripts or HTML through a crafted page abusing XML handling. The flaw is rated Medium by Chromium and scored 6.1 by CISA’s...