CVE-2026-14401
Google · Chrome for Android
Insufficient validation of untrusted input in the ANGLE component of Google Chrome for Android may lead to security bypasses or system compromise.
Executive summary
A high-severity input validation vulnerability in the ANGLE graphics engine of Google Chrome for Android exposes mobile devices to potential remote exploitation.
Vulnerability
The vulnerability stems from improper validation of untrusted input within the ANGLE graphics engine. An unauthenticated attacker can exploit this by enticing a user to navigate to a malicious website containing specially crafted input.
Business impact
With a CVSS score of 8.3, this vulnerability represents a significant threat to mobile security. Compromise of the browser on Android devices can lead to the exfiltration of sensitive application data, unauthorized access to device resources, and potential bypass of mobile security perimeters.
Remediation
Immediate Action: Update the Google Chrome application via the Google Play Store to version 150 or later as soon as the update becomes available.
Proactive Monitoring: Monitor mobile device management (MDM) logs for unusual application behavior or unexpected security alerts originating from the browser process.
Compensating Controls: Use web filtering solutions to block access to known malicious domains and enforce strict mobile security policies to minimize the impact of browser-based attacks.
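To verify the rollout called for under Immediate Action, the following added example (not part of the original advisory) audits a device inventory export for Chrome for Android builds older than major version 150. The CSV layout, column names, device IDs and version strings are constructed assumptions, not a real MDM schema; an empty or unparsable version is reported as "unknown" rather than treated as patched.

```python
import csv
import io

FIXED_MAJOR = 150                  # "version 150 or later", from the advisory
CHROME_PKG = "com.android.chrome"  # Chrome for Android package name

# Constructed sample export; column names are assumptions, not a real MDM schema.
SAMPLE_INVENTORY = """device_id,package,version_name
dev-001,com.android.chrome,150.0.0.1
dev-002,com.android.chrome,149.0.0.9
dev-003,com.android.chrome,
dev-004,org.example.mail,3.2.1
dev-005,com.android.chrome,151.0.0.4
dev-002,org.example.mail,3.2.1
"""


def major_version(version_name):
    """Return the leading integer of a dotted version, or None if unparsable."""
    head = version_name.strip().split(".", 1)[0]
    return int(head) if head.isdigit() else None


def audit(inventory_csv):
    """Map device_id -> 'patched' | 'vulnerable' | 'unknown' | 'no-chrome'."""
    status = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        device = row["device_id"]
        status.setdefault(device, "no-chrome")
        if row["package"] != CHROME_PKG:
            continue
        major = major_version(row["version_name"] or "")
        if major is None:
            status[device] = "unknown"      # fail closed: needs manual review
        elif major < FIXED_MAJOR:
            status[device] = "vulnerable"
        else:
            status[device] = "patched"
    return status


def needs_action(inventory_csv):
    """Devices to chase: below the fixed version or with an unreadable version."""
    return sorted(d for d, s in audit(inventory_csv).items()
                  if s in ("vulnerable", "unknown"))


if __name__ == "__main__":
    for device, state in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{device}: {state}")
    print("follow up:", ", ".join(needs_action(SAMPLE_INVENTORY)))
```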
Exploitation status
Public Exploit Available: false
Analyst recommendation
Mobile users and enterprise administrators managing Android fleets should expedite the rollout of Chrome updates. Addressing this input validation flaw is essential to preventing remote code execution or privilege escalation on mobile endpoints.