CVE-2026-10923

Google · Chrome on Android

A use-after-free vulnerability in the WebAppInstalls component of Google Chrome on Android prior to version 149 could allow arbitrary code execution.

Executive summary

A high-severity use-after-free flaw in the WebAppInstalls component of Google Chrome on Android could allow an attacker to execute arbitrary code. Builds prior to version 149 are affected.

Vulnerability

This vulnerability is a use-after-free condition in the browser's WebAppInstalls feature, the code path that handles installing web apps. In a use-after-free, memory is released while a dangling pointer still references it; if an attacker can control what is placed in that memory before the stale pointer is used, the result is heap corruption that can be steered toward arbitrary code execution in the context of the Chrome process. The advisory does not state how the condition is triggered. Note that Chrome on Android runs inside the Android application sandbox, so full compromise of the device would require chaining an additional privilege-escalation bug; the immediate exposure is everything the browser itself can reach.

Business impact

Its CVSS score of 8.8 (High) reflects the risk to mobile endpoints. A compromised browser on a device used for business can expose corporate email, browser-held sessions for internal applications, and multifactor authentication flows completed through the browser, which is a significant risk to organizational mobility security.

Remediation

Immediate Action: Update Google Chrome on all Android devices to version 149 or later via the Google Play Store. Where Play auto-updates are disabled or deferred by policy, push the update through the MDM rather than waiting for users.

Proactive Monitoring: Query the mobile device management (MDM) inventory for devices whose Chrome build is below 149 and enforce a compliance policy against them (for example, blocking access to corporate resources until the update is applied).

Compensating Controls: Use mobile application management (MAM) to keep corporate data in a managed container, so a compromised browser has less to reach, and alert on anomalous application behaviour. These controls reduce blast radius only; they do not prevent exploitation of an unpatched browser.
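The monitoring step above amounts to one check: is the Chrome build on each device at or above major version 149? The following script is an added example (not code from the advisory or from Google) of that check over two inputs a practitioner typically has: the output of `adb shell dumpsys package com.android.chrome` collected per device, and User-Agent strings from a web proxy log. The device IDs, dumpsys excerpts and User-Agent string are constructed samples; the package name is Chrome's real Android package, and the fixed major version comes from the advisory.

```python
"""Flag Android devices whose Chrome build predates the CVE-2026-10923 fix.

Added example, not part of the advisory. Inputs handled:
  * `adb shell dumpsys package com.android.chrome` output (versionName=...)
  * HTTP User-Agent strings from a proxy log (Chrome/<version> token)
All sample inputs below are constructed for illustration.
"""
import re

FIXED_MAJOR = 149                       # per the advisory: < 149 is affected
CHROME_PACKAGE = "com.android.chrome"   # Chrome's Android package name

_VERSION_RE = re.compile(r"^\d+(?:\.\d+){0,3}$")
# dumpsys prints a 'versionName=...' line for the package record.
_DUMPSYS_VERSION_RE = re.compile(r"^\s*versionName=(\S+)", re.M)
# Every Chromium-based browser carries a 'Chrome/<version>' product token.
_UA_VERSION_RE = re.compile(r"\bChrome/(\d+(?:\.\d+){0,3})")


def parse_version(text):
    """'148.0.7148.100' -> (148, 0, 7148, 100). Missing fields pad with 0."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a Chrome version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(version):
    """True when the major version predates the fixed release (149)."""
    return parse_version(version)[0] < FIXED_MAJOR


def version_from_dumpsys(dumpsys_text):
    """Extract versionName from `adb shell dumpsys package com.android.chrome`."""
    m = _DUMPSYS_VERSION_RE.search(dumpsys_text)
    return m.group(1) if m else None


def version_from_user_agent(ua):
    """Extract the Chrome/<version> token from a User-Agent, or None.

    With User-Agent reduction Chrome reports only the major version in the
    UA (e.g. Chrome/148.0.0.0), so only the major is meaningful here. Any
    Chromium-based browser carries the token, so treat hits as leads to
    confirm against the MDM inventory, not as proof the device runs Chrome.
    """
    m = _UA_VERSION_RE.search(ua)
    return m.group(1) if m else None


def audit_fleet(inventory):
    """inventory: {device_id: dumpsys output}. Returns a compliance report.

    Devices where Chrome is absent, the query failed, or the versionName is
    malformed land in 'unknown' rather than being assumed compliant.
    """
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for device_id, dumpsys_text in inventory.items():
        version = version_from_dumpsys(dumpsys_text)
        if version is None:
            report["unknown"].append(device_id)
            continue
        try:
            bucket = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:
            bucket = "unknown"
        report[bucket].append(device_id)
    for bucket in report:
        report[bucket].sort()
    return report


# Constructed sample inventory: hypothetical device IDs and dumpsys excerpts.
SAMPLE_INVENTORY = {
    "android-0042": (
        "Package [com.android.chrome] (3f2a1b):\n"
        "    userId=10123\n"
        "    versionCode=714810010 minSdk=26 targetSdk=34\n"
        "    versionName=148.0.7148.100\n"
    ),
    "android-0043": (
        "Package [com.android.chrome] (9c8d7e):\n"
        "    userId=10124\n"
        "    versionName=149.0.7200.57\n"
    ),
    "android-0044": "Unable to find package: com.android.chrome\n",
}

# Constructed sample User-Agent as it would appear in a web proxy log.
SAMPLE_UA = (
    "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/148.0.0.0 Mobile Safari/537.36"
)

if __name__ == "__main__":
    print(audit_fleet(SAMPLE_INVENTORY))
    ua_version = version_from_user_agent(SAMPLE_UA)
    print(ua_version, "vulnerable" if is_vulnerable(ua_version) else "patched")
```

The MDM-side check (`audit_fleet`) is the authoritative one, because it reads the installed package version. The User-Agent check is only a triage signal: it catches devices that never enrolled in the MDM but still hit corporate web properties, and it will also match other Chromium-based browsers, which need their own patch tracking.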

Exploitation status

Public Exploit Available: false

Analyst recommendation

Keep Chrome at version 149 or later on all Android endpoints, and use MDM reporting to verify that the update has actually been applied across the mobile fleet rather than assuming Play Store auto-update has done so. Devices that cannot be updated should be treated as non-compliant until they are.