CVE-2026-11108

Google · Chrome on Android

An inappropriate implementation of NFC in Google Chrome on Android allows a remote attacker to perform privilege escalation via a crafted HTML page.

Executive summary

CVE-2026-11108 is a high-severity (CVSS 8.8) privilege escalation flaw in the NFC implementation of Google Chrome on Android. It is reachable by a remote attacker through a crafted HTML page, so a single visit to a malicious site is enough to trigger it, and it is fixed in Chrome 149.0.7827.53.

Vulnerability

The flaw is an inappropriate implementation of NFC functionality in Chrome on Android. Exploitation needs nothing more than getting the victim to load an attacker-controlled HTML page; no authentication or prior foothold on the device is required. The page then triggers a privilege escalation, meaning the attacker's web content gains capabilities beyond what a page should be granted.

Business impact

A CVSS score of 8.8 places this in the high-severity band. Because the escalation starts from ordinary web content, a successful attack crosses the boundary that is supposed to confine a page, and in the worst case can lead to compromise of the affected device. Practical consequences include exposure of sensitive user data and application credentials and further manipulation of the device by the attacker.

Remediation

Immediate Action: Update Google Chrome on Android to version 149.0.7827.53 or later. Chrome on Android ships through Google Play, so confirm that the installed build has actually advanced (chrome://version shows the running version) rather than assuming auto-update has already completed.

Proactive Monitoring: On managed fleets, have the EMM/MDM report the installed Chrome version per device and flag every build below 149.0.7827.53. Where device logs are collected, NFC activity or other system calls originating from the browser process that do not correspond to a user action are worth investigating, but standard Android app logging rarely exposes that detail, so version inventory is the more dependable signal.

Compensating Controls: Keep Google Play Protect enabled, but note that it scans installed apps, not web pages, so it will not block the malicious HTML that triggers this flaw. Chrome's own Safe Browsing setting is the control that can block known-malicious pages and should remain on. Neither is a substitute for the patch.
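The version check behind the update and monitoring steps above, as an added example that is not part of this advisory or of any Google tooling: a POSIX shell script that decides whether a Chrome-on-Android build is at or past 149.0.7827.53 and extracts the version from `adb shell dumpsys package com.android.chrome` output. The package name and the `versionName=` field are as Android reports them; the sample dumpsys text is constructed for the example, and the live adb call only runs if a device is attached.

```shell
#!/bin/sh
# Added example, not code from the advisory. Compares a dotted Chrome version against the
# first fixed build and parses `dumpsys package` output from a connected Android device.

FIXED_VERSION="149.0.7827.53"   # first fixed build per the advisory

# version_ge A B: succeed when dotted version A >= B, comparing up to four numeric fields.
# A plain string compare is wrong here ("149.0.7827.9" would sort after "149.0.7827.53").
version_ge() {
    i=1
    while [ "$i" -le 4 ]; do
        fa=$(printf '%s\n' "$1" | cut -d. -f"$i")
        fb=$(printf '%s\n' "$2" | cut -d. -f"$i")
        fa=${fa:-0}
        fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# chrome_status VERSION: print "patched" or "vulnerable" for the given versionName.
chrome_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# parse_version_name: read dumpsys output on stdin, emit the first versionName value.
# Only the numeric dotted prefix is kept, so suffixes such as build tags do not break the compare.
parse_version_name() {
    sed -n 's/^[[:space:]]*versionName=\([0-9.]*\).*/\1/p' | head -n 1
}

# Constructed sample of `adb shell dumpsys package com.android.chrome` output (not captured
# from a real device), trimmed to the fields that matter here.
SAMPLE_DUMPSYS='Package [com.android.chrome] (a1b2c3d):
    userId=10123
    versionCode=780114000 minSdk=26 targetSdk=35
    versionName=148.0.7801.14
    flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ]'

sample_ver=$(printf '%s\n' "$SAMPLE_DUMPSYS" | parse_version_name)
echo "sample device: Chrome $sample_ver is $(chrome_status "$sample_ver")"

# Live check, skipped when adb is absent or no device is attached.
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    live_ver=$(adb shell dumpsys package com.android.chrome | parse_version_name)
    if [ -n "$live_ver" ]; then
        echo "connected device: Chrome $live_ver is $(chrome_status "$live_ver")"
    else
        echo "connected device: com.android.chrome not installed"
    fi
fi
```

Run it against each device in an adb-connected batch, or feed it the versionName values your EMM exports; anything that prints `vulnerable` still needs the Play update. Chrome Beta, Dev and Canary use different package names (`com.chrome.beta`, `com.chrome.dev`, `com.chrome.canary`) and would need their own fixed-version thresholds from Google's release notes, which this page does not give.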

Exploitation status

Public Exploit Available: false

Analyst recommendation

Administrators and individual users should prioritize the update to version 149.0.7827.53. Because the attack needs nothing more than a visit to a malicious page, compensating controls only reduce exposure; applying the patch is the one reliable way to remove the risk. Verify the running version (chrome://version in the browser, or the package inventory in your EMM) rather than relying on Play Store auto-update having completed.