CVE-2026-5288

Google · Chrome (Android WebView)

A use-after-free vulnerability in Google Chrome's Android WebView allows remote attackers to perform a sandbox escape via crafted HTML content.

Executive summary

Google Chrome on Android is susceptible to a critical sandbox escape vulnerability due to a use-after-free error in the WebView component, potentially allowing full device compromise.

Vulnerability

The flaw is a use-after-free condition within the WebView component. A remote attacker who has already compromised the renderer process can use a specially crafted HTML page to trigger this memory corruption and escape the application sandbox.

Business impact

This vulnerability carries a CVSS score of 9.6, reflecting its extreme severity. A successful sandbox escape allows an attacker to move beyond the browser's restricted environment, potentially gaining access to sensitive mobile data, system resources, and other installed applications.

Remediation

Immediate Action: Update Google Chrome on Android devices to version 146.0.7680.178 or higher via the Google Play Store.

Proactive Monitoring: Security teams should monitor for unusual application crashes on Android endpoints that may indicate failed exploitation attempts of memory corruption flaws.

Compensating Controls: Utilize Mobile Device Management (MDM) solutions to enforce browser updates and restrict access to untrusted websites on corporate-managed Android devices.
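
To check update enforcement against the fixed version above, the following added example (not part of the original advisory) audits an MDM inventory export for Chrome installs older than 146.0.7680.178. The CSV column names, device IDs and all version strings other than the fixed build are constructed assumptions. Versions are compared numerically per component, because plain string comparison would rank 146.0.7680.99 above 146.0.7680.178.

```python
import csv
import io

FIXED_VERSION = "146.0.7680.178"       # fixed build named in this advisory
CHROME_PACKAGE = "com.android.chrome"  # Chrome's Android package name

# Constructed sample MDM export; column names and rows are assumptions.
SAMPLE_INVENTORY = """device_id,package,version_name
pixel-001,com.android.chrome,146.0.7680.178
pixel-002,com.android.chrome,146.0.7680.99
tab-003,com.android.chrome,145.0.7632.120
tab-004,com.android.chrome,147.0.7701.12
kiosk-005,com.android.chrome,unknown
pixel-001,com.example.notes,3.2.1
"""


def parse_version(text):
    """Return a dotted version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit(inventory_csv, fixed=FIXED_VERSION):
    """Classify each Chrome install as patched, vulnerable or unparseable."""
    fixed_t = parse_version(fixed)
    report = {"patched": [], "vulnerable": [], "unparseable": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["package"] != CHROME_PACKAGE:
            continue  # other apps are out of scope for this advisory
        version = parse_version(row["version_name"])
        if version is None:
            # Never treat an unreadable version as compliant; review by hand.
            report["unparseable"].append(row["device_id"])
        elif version < fixed_t:  # tuple comparison is numeric per component
            report["vulnerable"].append(row["device_id"])
        else:
            report["patched"].append(row["device_id"])
    return report


if __name__ == "__main__":
    for status, devices in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(devices) or '-'}")
```

Devices reported as unparseable should be followed up manually rather than assumed patched.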

Exploitation status

Public Exploit Available: No

Analyst recommendation

This vulnerability represents a significant threat to mobile security and data privacy. Organizations must ensure that all Android-based endpoints are updated to the latest version of Chrome to mitigate the risk of a remote sandbox escape.