Impact
A use-after-free defect was discovered in PageInfo, a component of Google Chrome on Android. A crafted HTML page, combined with a specific series of user interface gestures, could cause a memory object to be freed too early, allowing the attacker to execute arbitrary code within the browser process. Code execution in the browser compromises the confidentiality, integrity, and availability of the user's data.
Affected Systems
The vulnerability applies to versions of Google Chrome on Android earlier than 150.0.7871.47. Users running any pre‑150.0.7871.47 build are potentially exposed. The issue is limited to the Android platform and does not affect desktop or other operating system releases.
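For fleet triage against the fixed build named above, the following added example (not part of the advisory or of any Google or OpenCVE tooling) classifies inventory rows by comparing build numbers numerically, since a plain string comparison would rank 99.x above 150.x. The package name `com.android.chrome`, the row layout and the sample rows are assumptions constructed for illustration.

```python
# Added example: inventory rows and helper names are constructed for illustration.
FIXED = (150, 0, 7871, 47)                  # first fixed build, per the advisory
CHROME_ANDROID_PKG = "com.android.chrome"   # assumption: stable-channel package name

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part build number."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(rows):
    """Map device id -> 'affected', 'fixed', 'unknown' or 'not_applicable'."""
    result = {}
    for device, platform, package, version in rows:
        # The advisory limits the issue to Chrome on Android.
        if platform.lower() != "android" or package != CHROME_ANDROID_PKG:
            result[device] = "not_applicable"
            continue
        parsed = parse_version(version)
        if parsed is None:
            result[device] = "unknown"      # follow up manually; never assume patched
        elif parsed < FIXED:                # tuple comparison is numeric per field
            result[device] = "affected"
        else:
            result[device] = "fixed"
    return result

# Constructed sample inventory: (device id, platform, package, versionName)
SAMPLE = [
    ("dev-01", "Android", "com.android.chrome", "150.0.7871.46"),
    ("dev-02", "Android", "com.android.chrome", "150.0.7871.47"),
    ("dev-03", "Android", "com.android.chrome", "99.0.4844.88"),
    ("dev-04", "Windows", "chrome.exe", "149.0.7000.10"),
    ("dev-05", "Android", "com.android.chrome", "150.0.7871"),
]

if __name__ == "__main__":
    for device, status in triage(SAMPLE).items():
        print(device, status)
```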
Risk and Exploitability
The CVSS score is not publicly disclosed, and the flaw requires user interaction: the attacker must get the victim to perform specific UI gestures after visiting a malicious page. EPSS information is not available, so there is no calculated probability of widespread exploitation. The vulnerability is not listed in CISA's KEV catalog, indicating that it is not known to be actively exploited. The description labels the vulnerability as low severity, suggesting that the impact is limited to code execution within the browser process.