CVE-2026-14005

Google · Chrome for Android

A use-after-free vulnerability in the Omnibox component of Google Chrome for Android may allow for unauthorized memory access or code execution.

Executive summary

Google Chrome for Android is vulnerable to a use-after-free flaw in the Omnibox that could be exploited by an attacker to compromise mobile device security.

Vulnerability

The vulnerability is a use-after-free error occurring within the Omnibox component. An unauthenticated attacker could trigger this condition via a malicious URL, potentially leading to arbitrary code execution or a denial-of-service state.

Business impact

The exploitation of this vulnerability on mobile devices can lead to the compromise of sensitive corporate data stored on or accessed via the device. With a CVSS score of 8.8, the potential for high-impact compromise makes this a significant risk for mobile device management (MDM) environments and remote workforce security.

Remediation

Immediate Action: Update the Google Chrome application on all Android devices to version 150 or later via the Google Play Store.

Proactive Monitoring: Review mobile device management logs for irregular application behavior or persistent crashes related to the browser.

Compensating Controls: Utilize endpoint protection software on mobile devices to detect and block malicious web content or anomalous process activity.
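One way to check the "version 150 or later" requirement across a fleet, as an added example that is not part of the original advisory. The CSV columns, device names and version strings are constructed, and `com.android.chrome` is assumed to be the package ID of the Chrome build in scope.

```python
import csv
import io

FIXED_MAJOR = 150  # first fixed major version, per the advisory
CHROME_PACKAGE = "com.android.chrome"  # assumption: package ID of the build in scope

# Constructed sample of an MDM app-inventory export (hypothetical columns).
SAMPLE_INVENTORY = """\
device_id,package,version_name
pixel-001,com.android.chrome,150.0.1000.10
pixel-002,com.android.chrome,149.0.9999.99
tab-003,com.android.chrome,
tab-004,org.example.notes,2.1.0
phone-005,com.android.chrome,unknown
phone-006,com.android.chrome,151.0.1.2
"""


def major_version(version_name):
    """Return the leading integer of a dotted version string, or None."""
    head = version_name.strip().split(".", 1)[0]
    return int(head) if head.isascii() and head.isdigit() else None


def classify(inventory_csv):
    """Sort Chrome installs into patched, vulnerable and unknown device lists."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row.get("package") != CHROME_PACKAGE:
            continue  # other apps are out of scope for this advisory
        major = major_version(row.get("version_name") or "")
        if major is None:
            # Missing or unparseable version: unverified, never counted as safe.
            bucket = "unknown"
        elif major >= FIXED_MAJOR:
            bucket = "patched"
        else:
            bucket = "vulnerable"
        result[bucket].append(row["device_id"])
    return result


if __name__ == "__main__":
    report = classify(SAMPLE_INVENTORY)
    for bucket in ("vulnerable", "unknown", "patched"):
        print(f"{bucket}: {', '.join(report[bucket]) or '-'}")
```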

Exploitation status

Public Exploit Available: false

Analyst recommendation

Mobile security is a critical component of the modern threat landscape; administrators should ensure that all Android devices running Chrome are updated to the latest version. Patching is the only effective way to mitigate this use-after-free vulnerability and protect against potential mobile-based exploitation.