CVE-2026-7342

Google · Chrome on Android

A use-after-free vulnerability in the WebView component of Google Chrome on Android may allow for remote code execution.

Executive summary

A high-severity use-after-free vulnerability in the WebView component of Chrome on Android exposes mobile devices to potential remote exploitation.

Vulnerability

The vulnerability is a use-after-free error in the WebView component. It allows an unauthenticated attacker to cause memory corruption via a specially crafted webpage on an Android device.

Business impact

The CVSS score of 8.8 underscores the gravity of this vulnerability for mobile device security. Successful exploitation could lead to unauthorized access to enterprise data stored on mobile devices, potentially compromising the integrity of corporate mobile device management (MDM) environments.

Remediation

Immediate Action: Update the Google Chrome application on all Android devices to version 147 or higher through the Google Play Store.

Proactive Monitoring: Monitor mobile device management (MDM) consoles for devices running outdated versions of Chrome.

Compensating Controls: Enforce strict mobile security policies and restrict the use of non-essential third-party applications that utilize WebView.
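
The monitoring step above can be scripted against an app-inventory export from the MDM. The following is an added example, not part of the original advisory: the CSV column names and sample rows are constructed assumptions, and only the version 147 threshold comes from the remediation text.

```python
import csv
import io

FIXED_MAJOR = 147  # advisory: update Chrome on Android to version 147 or higher
CHROME_PACKAGE = "com.android.chrome"  # Chrome's package name on Android

# Constructed sample export; the column names are assumptions, adapt to your MDM.
SAMPLE_EXPORT = """device_id,owner,package,version
dev-001,alice,com.android.chrome,147.0.1.2
dev-002,bob,com.android.chrome,146.0.9.9
dev-003,carol,com.android.chrome,
dev-004,dave,com.example.notes,3.1.0
dev-005,erin,com.android.chrome,beta-build
dev-006,frank,com.android.chrome,148.0.0.1
"""


def major_version(version):
    """Return the leading numeric component of a version string, or None."""
    head = version.strip().split(".", 1)[0]
    return int(head) if head.isascii() and head.isdigit() else None


def audit(export_text):
    """Sort Chrome rows into 'outdated' and 'unknown'; patched devices are omitted."""
    findings = {"outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row.get("package") != CHROME_PACKAGE:
            continue  # only Chrome rows matter for this advisory
        major = major_version(row.get("version") or "")
        if major is None:
            # Missing or unparseable version: flag for manual review,
            # never count it as compliant.
            findings["unknown"].append(row["device_id"])
        elif major < FIXED_MAJOR:
            findings["outdated"].append(row["device_id"])
    return findings


if __name__ == "__main__":
    result = audit(SAMPLE_EXPORT)
    print("Below fixed version:", ", ".join(result["outdated"]) or "none")
    print("Version unknown, review manually:", ", ".join(result["unknown"]) or "none")
```

Devices with no Chrome row at all are not reported here; whether they need follow-up depends on how the MDM inventories preinstalled apps.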

Exploitation status

Public Exploit Available: false

Analyst recommendation

Mobile devices are an increasingly common attack vector. Security teams must ensure that Chrome on Android is updated immediately to the latest version to prevent potential exploitation of the WebView component.