CVE-2026-8513
Google · Chrome
A use-after-free vulnerability in the Input handling component of Google Chrome on Android may allow for memory corruption.
Executive summary
A high-severity use-after-free flaw in the Google Chrome Android input component creates a risk of arbitrary code execution.
Vulnerability
The flaw resides in the Input component of the browser on Android devices. An attacker can exploit it through malicious web content, and exploitation does not require prior authentication.
Business impact
With a CVSS score of 8.3, this vulnerability poses a severe threat to mobile devices that access sensitive corporate data. Exploitation could allow an attacker to gain unauthorized control over the mobile browser environment, potentially accessing locally stored data or credentials.
Remediation
Immediate Action: Update the Google Chrome application on all Android devices to version 148 or later via the Google Play Store.
Proactive Monitoring: Review mobile device management (MDM) logs for outdated application versions across the fleet.
Compensating Controls: Restrict mobile access to high-value internal applications until the browser environment has been patched.
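Added example (not part of the original advisory): one way to run the MDM review above is to audit an app-inventory export for Chrome builds below major version 148. The CSV column names, device IDs and full version strings are constructed for illustration; adapt them to the export your MDM actually produces.

```python
import csv
import io

CHROME_PACKAGE = "com.android.chrome"  # Chrome stable package name on Android
FIXED_MAJOR = 148                       # "version 148 or later" per this advisory

# Constructed sample of an MDM app-inventory export; column names are assumptions.
SAMPLE_EXPORT = """device_id,owner,package,version
A-001,alice,com.android.chrome,148.0.1000.10
A-002,bob,com.android.chrome,147.0.999.5
A-003,carol,com.android.chrome,
A-004,dave,org.example.notes,3.2.1
A-005,erin,com.android.chrome,146.0.900.1
A-005,erin,com.android.chrome,148.0.1000.10
"""

# Ordered from least to most concerning, used to keep the worst verdict per device.
RANK = ["not_installed", "patched", "unknown", "outdated"]

def major_version(version):
    """Return the leading numeric component, or None if it cannot be parsed."""
    head = (version or "").strip().split(".", 1)[0]
    return int(head) if head.isascii() and head.isdigit() else None

def audit_chrome(export_text, fixed_major=FIXED_MAJOR):
    """Classify each device as patched, outdated, unknown or not_installed."""
    status = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        device = row["device_id"]
        status.setdefault(device, "not_installed")
        if row["package"] != CHROME_PACKAGE:
            continue
        major = major_version(row["version"])
        if major is None:
            verdict = "unknown"      # blank or malformed version: review manually
        elif major < fixed_major:
            verdict = "outdated"
        else:
            verdict = "patched"
        # A device can report Chrome twice (e.g. personal and work profile):
        # keep the worst verdict so one stale copy is not masked.
        if RANK.index(verdict) > RANK.index(status[device]):
            status[device] = verdict
    return status

if __name__ == "__main__":
    for device, verdict in sorted(audit_chrome(SAMPLE_EXPORT).items()):
        print(device, verdict)
```

Devices reported as "outdated" or "unknown" are the ones to hold behind the compensating control until they are updated.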
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations with mobile device fleets must ensure that Chrome is updated immediately to prevent remote exploitation. Given the prevalence of mobile-based threats, prompt patching is essential to maintain the security posture of the mobile workforce.