CVE-2026-14401

Google · Chrome for Android

Insufficient validation of untrusted input in the ANGLE component of Google Chrome for Android may lead to security bypasses or system compromise.

Executive summary

A high-severity input validation vulnerability in the ANGLE graphics engine of Google Chrome for Android exposes mobile devices to potential remote exploitation.

Vulnerability

The vulnerability stems from improper validation of untrusted input within the ANGLE graphics engine. An unauthenticated attacker can exploit this by enticing a user to navigate to a malicious website containing specially crafted input.

Business impact

With a CVSS score of 8.3, this vulnerability represents a significant threat to mobile security. Compromise of the browser on Android devices can lead to the exfiltration of sensitive application data, unauthorized access to device resources, and potential bypass of mobile security perimeters.

Remediation

Immediate Action: Update the Google Chrome application via the Google Play Store to version 150 or later as soon as the update becomes available.

Proactive Monitoring: Monitor mobile device management (MDM) logs for unusual application behavior or unexpected security alerts originating from the browser process.

Compensating Controls: Use web filtering solutions to block access to known malicious domains and enforce strict mobile security policies to minimize the impact of browser-based attacks.
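To track the Immediate Action across a fleet, the following added example (not part of the original advisory) audits an MDM app-inventory export for devices whose Chrome major version is below 150. The CSV column names and the sample rows are assumptions constructed for illustration; `com.android.chrome` is Chrome's Android package name.

```python
import csv
import io

CHROME_PACKAGE = "com.android.chrome"   # Chrome's Android package name
FIXED_MAJOR = 150                       # advisory: update to version 150 or later

# Constructed sample export; column names are assumptions, adjust to your MDM.
SAMPLE_EXPORT = """device_id,package,version_name
dev-001,com.android.chrome,150.0.1000.10
dev-002,com.android.chrome,149.0.999.99
dev-003,com.android.chrome,
dev-004,org.example.notes,3.2.1
dev-005,com.android.chrome,151.0.1.2
dev-002,org.example.notes,3.2.1
"""

def major_version(version_name):
    """Return the leading integer of a dotted version string, or None if unparseable."""
    head = version_name.strip().split(".", 1)[0]
    return int(head) if head.isdecimal() else None

def audit(export_text):
    """Map device_id -> status for every device that reports Chrome."""
    results = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["package"] != CHROME_PACKAGE:
            continue
        major = major_version(row["version_name"] or "")
        if major is None:
            status = "unknown"      # no usable version: treat as unpatched until verified
        elif major < FIXED_MAJOR:
            status = "vulnerable"
        else:
            status = "patched"
        results[row["device_id"]] = status
    return results

def needs_update(export_text):
    """Devices to prioritise: below the fixed version, or version unknown."""
    return sorted(d for d, s in audit(export_text).items() if s != "patched")

if __name__ == "__main__":
    for device, status in sorted(audit(SAMPLE_EXPORT).items()):
        print(f"{device}: {status}")
```

Devices that do not report Chrome at all (such as `dev-004` in the sample) are omitted from the result rather than counted as patched.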

Exploitation status

Public Exploit Available: false

Analyst recommendation

Mobile users and enterprise administrators managing Android fleets should expedite the rollout of Chrome updates. Addressing this input validation flaw is essential to preventing remote code execution or privilege escalation on mobile endpoints.