This vulnerability is a use-after-free error in the AdFilter component of Google Chrome on Android. A carefully crafted HTML page can be delivered to a user who engages in specific UI gestures, causing Chrome to execute arbitrary code. The flaw falls under CWE-416 and enables an attacker to run code with the privileges of the Chrome process, potentially compromising all data and processes accessible to the user.

Google Chrome for Android, stable channel versions earlier than 149.0.7827.201, are susceptible. The issue is confined to the Android platform and affects installations of Chrome that have not been updated to the mentioned version.

The vulnerability has a High Chromium security severity rating and, due to its reliance on a crafted web page and specific user interactions, its exploitation requires an attacker to lure a user to malicious content. While no EPSS score is currently available and the vulnerability is not listed in CISA KEV, the potential for arbitrary code execution makes it a high‑risk condition. Effective exploitation would likely involve a phishing site or malicious advertisement that triggers the required UI gestures.