CVE-2026-10959

Google · Chrome

A high-severity use-after-free vulnerability in the Input component of Google Chrome for Android could lead to arbitrary code execution.

Executive summary

A critical use-after-free flaw in the Input component of Google Chrome for Android exposes users to remote code execution risks.

Vulnerability

This vulnerability is a use-after-free error in the browser's Input processing component. It requires no authentication and can be triggered by a remote attacker through a crafted web page.

Business impact

The CVSS score of 8.8 reflects the high potential impact, including unauthorized code execution. If exploited, an attacker could gain control over the browser process, leading to theft of sensitive user data or credentials, or potential lateral movement within the mobile environment.

Remediation

Immediate Action: Update Google Chrome on all Android devices to version 149.0.7827.53 or later.

Proactive Monitoring: Review mobile endpoint logs for signs of anomalous browser activity and ensure that automated update mechanisms are functioning correctly.

Compensating Controls: Utilize mobile security solutions to filter malicious web content and provide an additional layer of defense against browser-based exploits.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The risk posed by this use-after-free vulnerability necessitates an immediate update to the latest patched version of Chrome. Security teams should verify that all managed Android devices have received the update to prevent potential exploitation of this high-severity flaw.
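The remediation and analyst recommendation sections above both come down to one verifiable check: does each managed Android device report a Chrome version at or above 149.0.7827.53? The following script is an added example, not part of the advisory and not tooling from Google or Chrome. It parses the `versionName=` line that `adb shell dumpsys package com.android.chrome` prints, compares it numerically (not as a string) against the fixed version from the advisory, and classifies each device. The device serials and the abbreviated dumpsys output embedded below are constructed so the example runs offline; `query_device` shows the live adb call for real fleets.

```python
"""Fleet check for CVE-2026-10959: is Chrome for Android at or above the fixed version?

Added example (not advisory or vendor code). Assumes adb is available for the
live path; the offline path uses constructed sample output.
"""
import re
import subprocess
from typing import Dict, Optional, Tuple

FIXED_VERSION = "149.0.7827.53"        # fixed version stated in the advisory
CHROME_PACKAGE = "com.android.chrome"  # stable Chrome package name on Android

# dumpsys prints the app version as "versionName=<dotted version>"
_VERSION_RE = re.compile(r"versionName=(\d+(?:\.\d+)*)")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '149.0.7827.53' into (149, 0, 7827, 53) so comparison is numeric.

    A plain string compare would wrongly rank '150.0.1.0' below '149.0.7827.53'.
    """
    return tuple(int(part) for part in version.split("."))


def extract_version_name(dumpsys_output: str) -> Optional[str]:
    """Return the first versionName found in dumpsys output, or None if absent."""
    match = _VERSION_RE.search(dumpsys_output)
    return match.group(1) if match else None


def is_patched(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is at or above the fixed version."""
    return parse_version(version) >= parse_version(fixed)


def assess_device(dumpsys_output: str, fixed: str = FIXED_VERSION) -> Dict[str, Optional[str]]:
    """Classify one device from its dumpsys output.

    Status is 'patched', 'vulnerable', or 'chrome-not-found' (no versionName,
    e.g. Chrome not installed, so the device needs a manual look rather than
    being silently counted as safe).
    """
    version = extract_version_name(dumpsys_output)
    if version is None:
        return {"version": None, "status": "chrome-not-found"}
    return {"version": version, "status": "patched" if is_patched(version, fixed) else "vulnerable"}


def query_device(serial: str) -> str:
    """Live path: run dumpsys on a connected device (requires adb and device authorization)."""
    result = subprocess.run(
        ["adb", "-s", serial, "shell", "dumpsys", "package", CHROME_PACKAGE],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


# Constructed sample output (heavily abbreviated) standing in for three devices.
SAMPLE_OUTPUTS: Dict[str, str] = {
    "constructed-device-1": "Packages:\n  Package [com.android.chrome]\n    versionCode=782705300\n    versionName=149.0.7827.53\n",
    "constructed-device-2": "Packages:\n  Package [com.android.chrome]\n    versionCode=782705200\n    versionName=149.0.7827.52\n",
    "constructed-device-3": "Unable to find package: com.android.chrome\n",
}


def summarize(outputs: Dict[str, str], fixed: str = FIXED_VERSION) -> Dict[str, Dict[str, Optional[str]]]:
    """Assess every device in the mapping serial -> dumpsys output."""
    return {serial: assess_device(text, fixed) for serial, text in outputs.items()}


if __name__ == "__main__":
    for serial, verdict in summarize(SAMPLE_OUTPUTS).items():
        print(f"{serial}: {verdict['status']} (versionName={verdict['version']})")
```

On a real fleet, replace `SAMPLE_OUTPUTS` with `{serial: query_device(serial) for serial in serials}` where `serials` comes from `adb devices`; any device reported as `vulnerable` or `chrome-not-found` should be followed up, and the numeric comparison means a future 150.x build is correctly treated as patched.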