CVE-2026-13028
Google · Chrome
A use-after-free vulnerability in the WebGL component of Google Chrome on Android allows remote attackers to perform a sandbox escape via a malicious HTML page.
Executive summary
A critical use-after-free vulnerability in Google Chrome for Android enables remote code execution and sandbox escapes, posing a severe risk to device integrity.
Vulnerability
This is a use-after-free memory corruption flaw located within the WebGL implementation. An unauthenticated remote attacker can trigger this condition by enticing a user to visit a specially crafted webpage, potentially leading to a sandbox escape.
Business impact
With a CVSS score of 9.6, this vulnerability represents a critical threat to mobile endpoints. Successful exploitation could allow an attacker to bypass browser security boundaries, potentially resulting in full device compromise, theft of sensitive user data, and unauthorized execution of arbitrary code within the Android environment.
Remediation
Immediate Action: Update Google Chrome for Android to version 149.0.7827.197 or later via the Google Play Store.
Proactive Monitoring: Security teams should monitor mobile device management (MDM) logs for outdated browser versions across the enterprise fleet.
Compensating Controls: Ensure that Google Play Protect is enabled on all Android devices to assist in detecting and blocking malicious applications or web content.
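The monitoring step above amounts to comparing each device's Chrome build against the fixed version. The script below is an added example, not part of the original advisory or of any Google tooling: it parses a constructed MDM inventory export (the comma-separated "device_id,package,version" layout is an assumption) and flags every Chrome install that predates 149.0.7827.197. Versions are compared as integer tuples rather than strings, so a build such as 149.0.7826.999 is correctly reported as older than 149.0.7827.197, and unparseable version fields are flagged for manual review instead of silently passing.

```python
"""Flag Android devices whose Chrome build predates the CVE-2026-13028 fix.

Added example; not part of the original advisory. The MDM export format
below (one 'device_id,package,version' line per installed app) is assumed.
"""
from __future__ import annotations

import csv
import io

# Fixed version named in the advisory.
FIXED_VERSION = "149.0.7827.197"
# Production package name of Chrome on Android.
CHROME_PACKAGE = "com.android.chrome"

# Constructed sample export for demonstration; not real device data.
SAMPLE_EXPORT = """device_id,package,version
a1f3,com.android.chrome,149.0.7827.197
b7c2,com.android.chrome,148.0.7800.55
c9d4,com.android.chrome,149.0.7827.203
d0e5,com.android.chrome,149.0.7826.999
e2f6,org.mozilla.firefox,140.0.1
f4a7,com.android.chrome,not-a-version
"""


def parse_version(text: str) -> tuple[int, ...] | None:
    """Turn '149.0.7827.197' into (149, 0, 7827, 197); None if malformed."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is strictly older than the fixed build.

    Integer-tuple comparison avoids the string-comparison pitfall where
    '149.0.7826.999' would sort after '149.0.7827.197'. A version that
    cannot be parsed is treated as vulnerable so it surfaces for review.
    """
    parsed = parse_version(version)
    fixed_parsed = parse_version(fixed)
    assert fixed_parsed is not None, "FIXED_VERSION must be well-formed"
    if parsed is None:
        return True
    return parsed < fixed_parsed


def find_outdated_chrome(export_text: str) -> list[tuple[str, str]]:
    """Return (device_id, version) for every Chrome install below the fix."""
    reader = csv.DictReader(io.StringIO(export_text))
    flagged: list[tuple[str, str]] = []
    for row in reader:
        if row["package"] != CHROME_PACKAGE:
            continue  # other browsers are out of scope for this CVE
        if is_vulnerable(row["version"]):
            flagged.append((row["device_id"], row["version"]))
    return flagged


if __name__ == "__main__":
    for device_id, version in find_outdated_chrome(SAMPLE_EXPORT):
        print(f"{device_id}: Chrome {version} predates {FIXED_VERSION}")
```

Running it against the sample export reports b7c2 (older major build), d0e5 (older patch build despite the large last component) and f4a7 (malformed version), while the device on the fixed build, the device on a newer build, and the Firefox install are left alone. Replace SAMPLE_EXPORT with a real inventory export from your MDM to use it in practice.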
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the critical nature of this memory corruption flaw and its potential for sandbox escape, organizations must prioritize the rapid deployment of the Chrome update. Failure to patch may leave mobile devices vulnerable to remote exploitation, leading to significant security breaches.