CVE-2026-11188

Google · Chrome on Android

A use-after-free vulnerability in the USB component of Google Chrome on Android allows a remote attacker to achieve a sandbox escape via a crafted HTML page.

Executive summary

A high-severity sandbox escape vulnerability exists in Google Chrome for Android, potentially allowing an attacker who lures a user to a malicious web page to execute code outside the renderer sandbox that normally confines web content.

Vulnerability

This use-after-free vulnerability occurs in Chrome's USB component. A remote, unauthenticated attacker can trigger it with a crafted HTML page, with no more interaction than visiting the page. Chromium classifies a bug as a sandbox escape when web content can corrupt memory in a process that runs outside the renderer sandbox, and that is what the "sandbox escape" label here means: the memory corruption is not confined to the sandboxed renderer, so it yields code execution in a more privileged part of the browser rather than only inside the sandbox. Note that on Android the browser itself still runs as an ordinary app under Android's application sandbox, so code execution "on the underlying device" here means execution with Chrome's own privileges, not root.

Business impact

The CVSS score of 8.8 (High) reflects the risk. A sandbox escape is serious because it lets an attacker move from the restricted renderer, which is designed to contain compromised web content, into a privileged browser process that holds the user's cookies, saved passwords, browsing history and site data. On Android, turning that into full device compromise would additionally require an Android privilege-escalation bug; browser-plus-kernel chains of exactly this shape are how in-the-wild mobile exploits are typically built, so a reachable sandbox escape removes one of the hardest links in that chain.

Remediation

Immediate Action: Update Google Chrome on all Android devices to version 149.0.7827.53 or later via the Google Play Store. The installed build can be confirmed on the device at chrome://version or under Settings > About Chrome; a fleet-wide check should compare the full four-part version number numerically rather than as a string.
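The following script is an added example and not part of the advisory or of Chrome: it compares an installed Chrome for Android version against the fixed build stated above, component by component, and can optionally read that version from attached devices over adb. The package name com.android.chrome (Chrome stable) and the use of `dumpsys package` output are assumptions about the target fleet; adjust them for beta or enterprise channels.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether an installed Chrome
# for Android build is at or above the fixed version, and optionally read
# that version from attached devices over adb.

FIXED_VERSION="149.0.7827.53"     # fixed build stated in the advisory
CHROME_PKG="com.android.chrome"   # Chrome stable package name (assumed)

# version_ge A B -> exit 0 if dotted version A >= B, else 1.
# Chrome versions are four numeric fields (MAJOR.MINOR.BUILD.PATCH). Each
# field is compared as a number; a missing or non-numeric field counts as 0.
# A plain string comparison would be wrong ("9" sorts after "53").
version_ge() {
    i=1
    while [ "$i" -le 4 ]; do
        ac=$(printf '%s\n' "$1" | cut -d. -f"$i")
        bc=$(printf '%s\n' "$2" | cut -d. -f"$i")
        case "$ac" in ''|*[!0-9]*) ac=0 ;; esac
        case "$bc" in ''|*[!0-9]*) bc=0 ;; esac
        if [ "$ac" -gt "$bc" ]; then return 0; fi
        if [ "$ac" -lt "$bc" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# chrome_status VERSION -> prints "patched" or "vulnerable" for one versionName.
chrome_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# installed_chrome_version SERIAL -> prints Chrome's versionName on that device
# as reported by `dumpsys package`; prints nothing if Chrome is not installed.
# adb on some hosts emits CRLF line endings, hence the tr.
installed_chrome_version() {
    adb -s "$1" shell dumpsys package "$CHROME_PKG" 2>/dev/null \
        | tr -d '\r' \
        | sed -n 's/^[[:space:]]*versionName=//p' \
        | head -n 1
}

# scan_devices -> one tab-separated line per authorized device:
# serial, installed version, patched/vulnerable.
scan_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' \
    | while read -r serial; do
        ver=$(installed_chrome_version "$serial")
        if [ -z "$ver" ]; then
            printf '%s\tchrome not installed\n' "$serial"
        else
            printf '%s\t%s\t%s\n' "$serial" "$ver" "$(chrome_status "$ver")"
        fi
    done
}

# Run as `sh check_chrome.sh --scan` with adb on PATH and devices authorized.
if [ "${1:-}" = "--scan" ]; then
    scan_devices
fi
```

The numeric comparison matters for the patch field in particular: 149.0.7827.9 is older than 149.0.7827.53, but a lexical comparison would report it as newer.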

Proactive Monitoring: Monitor managed Android devices for unauthorized application installations, newly added device administrators, or other unusual system-level behavior that may indicate a sandbox escape has occurred. Repeated crashes of Chrome on a device are also worth triaging: use-after-free exploitation is rarely fully reliable, and failed attempts typically crash the affected process.

Compensating Controls: Use Mobile Device Management (MDM) to enforce a minimum Chrome version and prompt or force updates, keep Google Play Protect enabled, and restrict sideloading and the execution of unverified applications on mobile endpoints, which limits what an attacker can do after escaping the browser sandbox.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Android devices are frequent targets for browser-based attacks. It is imperative that mobile device users and administrators update Google Chrome immediately to patch this dangerous sandbox escape vulnerability.