CVE-2026-13788

Google · Chrome

A use-after-free vulnerability in the Fullscreen implementation of Google Chrome for Android can be triggered by a crafted web page; a resulting heap memory corruption could potentially allow remote code execution.

Executive summary

A high-severity (CVSS 8.8) use-after-free flaw in the Fullscreen functionality of Google Chrome for Android puts any Android device that browses untrusted web content at risk of compromise.

Vulnerability

This use-after-free vulnerability is located in the Fullscreen component of Google Chrome on Android. A remote attacker who convinces a user to visit and interact with a crafted web page (for example, one that enters and leaves fullscreen) can cause the browser to access memory after it has been freed. The resulting heap corruption is the usual precursor to arbitrary code execution in the browser; no authentication or local access is required beyond getting the user to load the page.

Business impact

The CVSS score of 8.8 (High) reflects a remotely reachable memory-corruption bug that needs only minimal user interaction, which matters most for mobile devices that hold corporate mail, credentials, or authenticator tokens. A successful exploit could lead to unauthorized access to on-device data, installation of persistent malware, and a foothold from which other corporate resources reachable from the device can be attacked.

Remediation

Immediate Action: Update Google Chrome for Android (package com.android.chrome) to version 150 or later via the Google Play Store. Do not rely on Play auto-update alone: it can be deferred by the user, by battery or network conditions, or by MDM policy, so verify the installed version after the update window.

Proactive Monitoring: Use the application inventory in your mobile device management (MDM) solution to report the installed Chrome version on every managed Android device and flag any device whose Chrome major version is below 150.

Compensating Controls: Until devices are updated, enforce application control policies (for example, blocking or restricting browsers that cannot be updated) and advise users against visiting untrusted websites on mobile devices. These controls reduce exposure but do not remove the vulnerable code; only the update does.
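The following script is an added example, not part of the original advisory or of Google's tooling, showing how the version check in the Proactive Monitoring step can be automated for devices reachable over adb. It parses the versionName line from the output of `adb shell dumpsys package com.android.chrome` and compares the major version against the minimum of 150 stated above. The dumpsys sample embedded in the script is constructed so the file runs without a device; the minimum version and the assumption that only the major version needs comparing come from this advisory, not from a vendor source.

```shell
#!/bin/sh
# Added example (not from the advisory): flag Chrome for Android installs
# older than the minimum major version named in the remediation section.

MIN_CHROME_MAJOR=150   # minimum fixed major version per this advisory

# Read `dumpsys package com.android.chrome` output on stdin and print the
# first versionName value found (e.g. 149.0.7258.61). Prints nothing if the
# package is not installed or the line is absent.
chrome_version() {
    sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# chrome_is_patched VERSION
#   exit 0 if the major version is >= MIN_CHROME_MAJOR
#   exit 1 if it is older
#   exit 2 if VERSION is empty or not a dotted number
chrome_is_patched() {
    ver="$1"
    major="${ver%%.*}"          # everything before the first dot
    case "$major" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$major" -ge "$MIN_CHROME_MAJOR" ]
}

# report VERSION: print a one-line verdict; always exits 0 so it is safe
# under `set -e` when looping over many devices.
report() {
    if chrome_is_patched "$1"; then
        echo "PATCHED     Chrome $1 (>= $MIN_CHROME_MAJOR)"
    elif [ $? -eq 2 ]; then
        echo "UNKNOWN     could not parse Chrome version '$1'"
    else
        echo "VULNERABLE  Chrome $1 (< $MIN_CHROME_MAJOR), update required"
    fi
    return 0
}

# check_connected_device [SERIAL]: run the check against a live device.
# Requires adb in PATH; not called by default so the file runs offline.
check_connected_device() {
    if [ -n "$1" ]; then set -- -s "$1"; fi
    report "$(adb "$@" shell dumpsys package com.android.chrome | chrome_version)"
}

# Constructed sample of dumpsys output (hypothetical build number), so the
# script demonstrates itself without a device attached.
SAMPLE_DUMPSYS='Packages:
  Package [com.android.chrome] (3f2a9c1):
    userId=10123
    versionCode=727300000 minSdk=29 targetSdk=35
    versionName=149.0.7258.61
    flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ]'

report "$(printf '%s\n' "$SAMPLE_DUMPSYS" | chrome_version)"
```

To scan every device visible to adb, loop over `adb devices -l` serials and call `check_connected_device "$serial"`; the same two functions can be pointed at version strings exported from an MDM inventory instead of at dumpsys output. Comparing only the major version is deliberate: the advisory names 150 as the fixed release, so a finer comparison would need a vendor-published build number that this page does not provide.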

Exploitation status

Public Exploit Available: false

Analyst recommendation

Any Android device that browses the web with Chrome is in scope for this bug, regardless of other controls on the device. Organizations should confirm that Chrome on every managed Android device is at version 150 or later, and should treat unmanaged devices that reach corporate resources as unpatched until their browser version has been verified.