CVE-2026-12452
Google · Chrome
A use-after-free vulnerability in the Downloads component of Google Chrome on Android allows potential memory corruption and system instability.
Executive summary
A high-severity (CVSS 8.8) use-after-free in the Downloads component of Google Chrome for Android could allow a remote attacker who convinces a user to start a download to corrupt memory and potentially execute code on the device. No public exploit is known at the time of writing.
Vulnerability
The flaw is a use-after-free in the browser's download management code: an object associated with a download is freed while a reference to it is still live, and a later use of that dangling reference corrupts memory. Exploitation requires user interaction; an unauthenticated remote attacker would need to entice the user into initiating a download of a crafted file. No further technical details or exploitation steps are published for this issue.
Business impact
The CVSS score of 8.8 reflects a flaw that is reachable over the network and needs only user interaction to trigger. The download handler runs in Chrome's browser process, which holds the user's profile data and sits outside the renderer sandbox, so a successful exploit would not need a separate sandbox escape. This makes mobile devices a direct target: an attacker who achieves code execution could potentially establish persistence or read sensitive files accessible to the browser on the Android device.
Remediation
Immediate Action: Update Google Chrome on all Android devices to version 149 or later via the Google Play Store.
Proactive Monitoring: Review MDM or endpoint telemetry from corporate Android devices for unexpected download activity and for Chrome crashes clustered around download handling; crashes in the browser process are a plausible side effect of failed exploitation attempts against a use-after-free.
Compensating Controls: Implement mobile device management (MDM) policies to restrict unauthorized file downloads and enforce strict application sandboxing.
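The following script is an added example and is not part of this advisory or of Google's tooling. It checks the Chrome build on attached Android devices against the fix floor stated above (major version 149) by parsing the versionName field from adb's dumpsys output, and evaluates a constructed sample when no device is attached. It assumes adb is on PATH, the devices are authorized for debugging, and Chrome is installed as the stock package com.android.chrome; beta, dev and canary channels use other package names and are not covered.

```shell
#!/bin/sh
# Added example (not from the advisory): verify the Chrome build on managed
# Android devices against the advisory's fix floor of major version 149.
# Assumptions: 'adb' is on PATH and the devices are authorized for debugging;
# Chrome is installed as the stock package com.android.chrome (beta/dev/canary
# channels use other package names and are not checked here).

CHROME_PKG="com.android.chrome"
MIN_MAJOR=149

# Read 'dumpsys package' output on stdin and print the major version taken
# from the first "versionName=<major>..." line; prints nothing if absent.
chrome_major_from_dumpsys() {
    sed -n 's/^[[:space:]]*versionName=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Exit status: 0 = fixed build (major >= MIN_MAJOR), 1 = older than the fix,
# 2 = no parsable version (package missing or unexpected output).
chrome_is_patched() {
    case "$1" in
        '' | *[!0-9]*) return 2 ;;
    esac
    [ "$1" -ge "$MIN_MAJOR" ]
}

# Map a major version to a one-word verdict on stdout.
verdict_for_major() {
    rc=0
    chrome_is_patched "$1" || rc=$?
    case "$rc" in
        0) echo "OK" ;;
        1) echo "VULNERABLE" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# Query one device over adb and print "<serial> <verdict> <major>".
check_device() {
    serial="$1"
    major=$(adb -s "$serial" shell dumpsys package "$CHROME_PKG" 2>/dev/null \
            | chrome_major_from_dumpsys)
    echo "$serial $(verdict_for_major "$major") ${major:-n/a}"
}

# Constructed sample of the relevant dumpsys lines (a pre-fix build), used
# when no device is attached so the script still demonstrates the check.
SAMPLE_DUMPSYS='  Package [com.android.chrome] (1a2b3c):
    versionCode=614800000 minSdk=26 targetSdk=34
    versionName=148.0.7089.122'

main() {
    # 'adb devices -l' prints a header line, then one device per line; keep
    # only serials whose state is "device" (online and authorized).
    serials=""
    if command -v adb >/dev/null 2>&1; then
        serials=$(adb devices -l 2>/dev/null | awk 'NR > 1 && $2 == "device" { print $1 }')
    fi
    if [ -z "$serials" ]; then
        echo "no authorized device attached; evaluating constructed sample instead"
        major=$(printf '%s\n' "$SAMPLE_DUMPSYS" | chrome_major_from_dumpsys)
        echo "sample $(verdict_for_major "$major") $major"
        return 0
    fi
    for s in $serials; do
        check_device "$s"
    done
}

main "$@"
```

Run it from a workstation with the fleet's devices connected or reachable over adb; a "VULNERABLE" or "UNKNOWN" line identifies a device that still needs the Play Store update, and the version check only trusts the major number, so a 149.x build of any minor version is treated as fixed, as the advisory states.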
Exploitation status
Public Exploit Available: false
Analyst recommendation
Mobile endpoints are often overlooked in patch management cycles. Ensure every Android device is running Chrome version 149 or later, and verify it rather than assume Play Store auto-updates have applied, so that attackers cannot leverage this download-based vulnerability to compromise mobile assets.