Impact
Google Chrome on Android contains a use-after-free flaw in its Autofill component. An attacker who has already compromised the renderer process can use the flaw to escape the sandbox when a specially crafted HTML document is loaded. The weakness is classified under CWE-416 and CWE-825, and a successful exploit can let the attacker elevate privileges or execute code outside the browser sandbox, threatening the confidentiality, integrity, and availability of the device.
Affected Systems
The issue affects every Android release of Google Chrome prior to build 149.0.7827.53; earlier releases do not include the fix.
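To check an installed build against the fixed build named above, here is an added example (not OpenCVE's or Chromium's code). It assumes the version string is read from the output of `adb shell dumpsys package com.android.chrome`, and the dumpsys lines embedded below are constructed samples.

```python
"""Compare an installed Android Chrome build with the fixed build from this
advisory (149.0.7827.53). Added example; the dumpsys text is a constructed
sample standing in for `adb shell dumpsys package com.android.chrome`."""
from __future__ import annotations
import re

FIXED_BUILD = "149.0.7827.53"  # fixed build named in the advisory

# Constructed sample of the dumpsys lines of interest (not real device output).
SAMPLE_DUMPSYS = """\
  Package [com.android.chrome] (a1b2c3d):
    versionCode=770012000 minSdk=26 targetSdk=35
    versionName=148.0.7700.120
    apkSigningVersion=3
"""


def parse_version(text: str) -> tuple[int, ...]:
    """Split a dotted Chrome version into an integer tuple so that
    149.0.7827.53 compares greater than 149.0.7827.9 (a plain string
    comparison would get this wrong)."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def version_from_dumpsys(dump: str) -> str | None:
    """Return the package's versionName from dumpsys output, or None if absent."""
    m = re.search(r"^\s*versionName=(\S+)", dump, re.MULTILINE)
    return m.group(1) if m else None


def is_affected(installed: str, fixed: str = FIXED_BUILD) -> bool:
    """True when the installed build is strictly older than the fixed build."""
    return parse_version(installed) < parse_version(fixed)


if __name__ == "__main__":
    v = version_from_dumpsys(SAMPLE_DUMPSYS)
    state = "affected" if v and is_affected(v) else "fixed or unknown"
    print(f"installed={v} fixed={FIXED_BUILD} -> {state}")
```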
Risk and Exploitability
The CVSS score of 9.6 indicates a high-severity vulnerability. The EPSS score is below 1%, suggesting a low probability of exploitation in the wild, and the flaw is not listed in the CISA KEV catalog. Chromium initially rated the issue as Medium severity, but the high CVSS score highlights the potential for significant damage if it is exploited. Exploitation requires a pre-existing compromise of the renderer process and delivery of a malicious HTML page that triggers the dangling pointer. The likely attack vector is a crafted HTML document served to the compromised renderer; this inference is based on the nature of the use-after-free and on the requirement of renderer-process control. While not trivial, a successful exploit could allow a sandbox escape and elevation of privileges.
OpenCVE Enrichment