CVE-2026-14428
Google · Chrome for Android
Insufficient validation of untrusted input in the Dawn component of Google Chrome for Android may allow for remote code execution.
Executive summary
A critical input validation vulnerability in the Dawn component of Google Chrome for Android could allow remote attackers to compromise mobile device security.
Vulnerability
The vulnerability stems from insufficient validation of untrusted input within the Dawn graphics library. This flaw allows an unauthenticated remote attacker to trigger an out-of-bounds or memory corruption condition via malicious web content.
Business impact
With a CVSS score of 8.3, this vulnerability presents a high risk for mobile environments where Chrome is used for corporate access. Exploitation could result in unauthorized access to sensitive application data or the execution of malicious code on mobile devices. This impacts the overall security posture of mobile-first workflows and requires immediate remediation to prevent device compromise.
Remediation
Immediate Action: Update Google Chrome for Android via the Google Play Store to version 150 or later.
Proactive Monitoring: Review mobile device management (MDM) logs to identify devices running outdated browser versions and enforce compliance updates.
Compensating Controls: Restrict access to untrusted or high-risk websites on mobile devices using mobile threat defense (MTD) solutions until updates are applied.
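An added example (not part of the original advisory) of the Proactive Monitoring step: a Python check over an MDM app-inventory export that flags devices whose Chrome for Android is below version 150 or reports a version that cannot be parsed. The CSV column names and sample rows are constructed assumptions; `com.android.chrome` is the package name of Chrome stable on Android.

```python
import csv
import io

CHROME_PACKAGE = "com.android.chrome"  # Chrome stable on Android
FIXED_MAJOR = 150                      # advisory: "version 150 or later"
# Worst status wins when a device reports Chrome more than once.
RANK = {"not_installed": 0, "compliant": 1, "unknown": 2, "outdated": 3}

# Constructed sample export; the column names are assumptions, not a real MDM schema.
SAMPLE_EXPORT = """device_id,owner,package,version
d-001,alice,com.android.chrome,150.0.7100.12
d-002,bob,com.android.chrome,149.0.7090.88
d-002,bob,com.example.mail,3.1
d-003,carol,com.android.chrome,
d-004,dave,org.mozilla.firefox,140.0
d-005,erin,com.android.chrome,15O.0.1.2
"""


def major_version(version):
    """Return the leading integer of a dotted version string, or None."""
    head = version.strip().split(".", 1)[0]
    return int(head) if head.isascii() and head.isdigit() else None


def classify(export_text):
    """Map each device_id to compliant, outdated, unknown or not_installed."""
    status = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        device = row["device_id"]
        status.setdefault(device, "not_installed")
        if row["package"] != CHROME_PACKAGE:
            continue
        major = major_version(row["version"] or "")
        if major is None:
            result = "unknown"  # blank or malformed version: needs manual follow-up
        elif major < FIXED_MAJOR:
            result = "outdated"
        else:
            result = "compliant"
        if RANK[result] > RANK[status[device]]:
            status[device] = result
    return status


def needs_action(status):
    """Devices to push an update to or investigate, sorted for stable output."""
    return sorted(d for d, s in status.items() if s in ("outdated", "unknown"))


if __name__ == "__main__":
    print(needs_action(classify(SAMPLE_EXPORT)))
```

Devices classified as unknown are reported alongside outdated ones so that a blank or malformed version field is never counted as compliant.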
Exploitation status
Public Exploit Available: false
Analyst recommendation
Mobile devices are a frequent target for browser-based exploits; therefore, prompt patching is essential. IT administrators should force updates for all managed mobile devices to ensure they are running version 150 or higher to mitigate this high-severity risk.