Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Remote crafted page needs only a page visit (UI:R, PR:N, AC:L); the sandbox escape crosses a security boundary (S:C) yielding total compromise (C/I/A:H).
Primary rating from Vendor (Chrome).
CVSS VectorVendor: Chrome
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
AnalysisAI
Sandbox escape in Google Chrome for Android before 149.0.7827.197 stems from a use-after-free in the WebGL graphics component, letting a remote attacker who lures a victim to a crafted HTML page break out of the renderer sandbox. Rated Critical by Chromium and carrying a CVSS 9.6 with scope change, the flaw threatens full compromise of the browser process boundary on affected Android devices. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to load attacker-controlled content that exercises the WebGL code path - i.e., open a crafted HTML page in Chrome for Android prior to 149.0.7827.197 - which the CVSS UI:R reflects as the required user interaction. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed, which is important for prioritization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a malicious web page containing crafted WebGL JavaScript and entices an Android user to open it (via phishing link, malvertising, or a compromised site); when the page loads, the WebGL code triggers the use-after-free, corrupts memory, and chains to a sandbox escape giving the attacker control beyond the renderer. No public exploit is identified at time of analysis, but the low attack complexity and required-but-trivial user interaction make a weaponized drive-by plausible if an exploit is developed. |
| Remediation | Vendor-released patch: upgrade Google Chrome on Android to 149.0.7827.197 or later, which is the fixed Stable channel build per the Chrome Releases advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0482630350.html; on Android this is delivered via the Google Play Store, so ensure automatic Play updates are enabled and force-update managed fleets through MDM. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Android devices with Chrome across your environment (corporate-managed, BYOD, kiosk deployments). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39032
GHSA-cc6x-3gf8-2x53