Impact
The vulnerability is a use‑after‑free flaw in Chrome's WebView component on Android. A maliciously crafted HTML page can trigger the flaw, allowing the attacker to execute arbitrary code inside Chrome's sandboxed environment. This gives the attacker the privileges of the browser process, which can be leveraged to compromise the host device or exfiltrate data.
Affected Systems
Google Chrome running on Android devices with versions earlier than 150.0.7871.47 is affected. Any device using that version of Chrome, whether on the stable or other channels, is susceptible until the patch is applied.
Risk and Exploitability
The attack vector is remote, relying on a crafted web page that loads into a WebView. Because the vulnerability is in a sandboxed context, the impact is limited to the sandbox but still permits arbitrary code execution within that boundary. The CVE is listed as medium severity; EPSS data is not available and the flaw is not in the CISA KEV catalog, indicating no known widespread exploitation yet. Nonetheless, the nature of the flaw warrants prompt remediation.
OpenCVE Enrichment