Description
Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use-after-free defect was discovered in PageInfo, a component of Google Chrome on Android. A remote attacker who serves a crafted HTML page and convinces the user to perform specific UI gestures can cause a memory object to be used after it has been freed, allowing the attacker to execute arbitrary code within the browser process. Code execution in the browser compromises the confidentiality, integrity, and availability of the user's data.

Affected Systems

The vulnerability applies to versions of Google Chrome on Android earlier than 150.0.7871.47. Users running any pre‑150.0.7871.47 build are potentially exposed. The issue is limited to the Android platform and does not affect desktop or other operating system releases.

Risk and Exploitability

The CVSS score is not publicly disclosed. The flaw requires user interaction: the attacker must convince the victim to perform specific UI gestures after visiting a malicious page. EPSS information is not available, so there is no calculated probability of widespread exploitation. The vulnerability is not listed in CISA's KEV catalog, indicating that it is not known to be actively exploited. The description labels the vulnerability as low severity (Chromium security severity: Low), suggesting limited impact.

Generated by OpenCVE AI on July 1, 2026 at 04:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome to version 150.0.7871.47 or later
  • Ensure automatic updates are enabled so future patches are applied promptly
  • Avoid visiting untrusted web pages or clicking suspicious links until the browser is updated

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:30:00 +0000

Type | Values Removed | Values Added
Title | | Use After Free in PageInfo Enables Remote Code Execution via Crafted HTML on Android Chrome

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:14.165Z

Reserved: 2026-06-29T23:11:34.887Z

Link: CVE-2026-14064

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T04:15:16Z

Weaknesses