CVE-2026-14005
Google · Chrome for Android
A use-after-free vulnerability in the Omnibox component of Google Chrome for Android may allow for unauthorized memory access or code execution.
Executive summary
Google Chrome for Android is vulnerable to a use-after-free flaw in the Omnibox that could be exploited by an attacker to compromise mobile device security.
Vulnerability
The vulnerability is a use-after-free error occurring within the Omnibox component. An unauthenticated attacker could trigger this condition via a malicious URL, potentially leading to arbitrary code execution or a denial-of-service state.
Business impact
The exploitation of this vulnerability on mobile devices can lead to the compromise of sensitive corporate data stored on or accessed via the device. With a CVSS score of 8.8, the potential for high-impact compromise makes this a significant risk for mobile device management (MDM) environments and remote workforce security.
Remediation
Immediate Action: Update the Google Chrome application on all Android devices to version 150 or later via the Google Play Store.
Proactive Monitoring: Review mobile device management logs for irregular application behavior or persistent crashes related to the browser.
Compensating Controls: Utilize endpoint protection software on mobile devices to detect and block malicious web content or anomalous process activity.
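One way to carry out the update and monitoring steps above against an MDM inventory export, as an added example that is not part of the original advisory. The CSV column names, the crash threshold and the sample rows are constructed assumptions; `com.android.chrome` is Chrome's Android package name.

```python
import csv
import io

# Assumptions (not from the advisory): the MDM export is CSV with these
# hypothetical column names, and the crash threshold is an arbitrary choice.
CHROME_PACKAGE = "com.android.chrome"
FIXED_MAJOR = 150            # advisory: update to version 150 or later
CRASH_REVIEW_THRESHOLD = 3   # constructed cut-off for "persistent crashes"

# Constructed sample inventory rows, for illustration only.
SAMPLE_EXPORT = """device_id,package,version_name,crashes_7d
dev-001,com.android.chrome,150.0.7000.10,0
dev-002,com.android.chrome,149.0.6990.88,5
dev-003,com.android.chrome,,1
dev-004,com.example.mail,3.2.1,0
dev-005,com.android.chrome,151.0.7010.2,4
dev-006,com.android.chrome,beta-build,0
"""

def major_version(version_name):
    """Return the leading integer of a dotted version, or None if unparsable."""
    head = (version_name or "").strip().split(".", 1)[0]
    return int(head) if head.isdecimal() else None

def audit(export_text):
    """Classify each Chrome install and flag devices whose crashes need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["package"] != CHROME_PACKAGE:
            continue  # other apps are out of scope for this advisory
        major = major_version(row["version_name"])
        if major is None:
            status = "unknown"      # treat as unpatched until verified
        elif major < FIXED_MAJOR:
            status = "vulnerable"
        else:
            status = "patched"
        crashes = int(row["crashes_7d"] or 0)
        findings.append({
            "device_id": row["device_id"],
            "status": status,
            "review_crashes": crashes >= CRASH_REVIEW_THRESHOLD,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

Devices reported as `unknown` should be handled like `vulnerable` ones until their version is confirmed, and a `review_crashes` flag on a patched device still warrants a look at the crash logs.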
Exploitation status
Public Exploit Available: false
Analyst recommendation
Mobile security is a critical component of the modern threat landscape; administrators should ensure that all Android devices running Chrome are updated to the latest version. Patching is the only effective way to mitigate this use-after-free vulnerability and protect against potential mobile-based exploitation.