Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Physical access is the confirmed attack vector per description; no privileges or user interaction needed once device is held; full C/I/A impact via heap corruption within browser scope.
Primary rating from Vendor (Chrome).
CVSS VectorVendor: Chrome
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: High)
AnalysisAI
Use-after-free memory corruption in Google Chrome's Payments component on Android (prior to 149.0.7827.201) enables a local attacker with physical access to the device to trigger heap corruption, yielding high impact across confidentiality, integrity, and availability. The physical-access requirement (CVSS AV:P) substantially constrains the exploitable population to scenarios such as unattended or stolen devices. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Physical access to the target Android device is the mandatory prerequisite, as confirmed by the CVSS vector AV:P. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.8 Medium score reflects the physical access requirement (AV:P), which is the dominant risk-limiting factor. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker steals or gains brief unattended access to an Android device running Chrome prior to 149.0.7827.201, then navigates Chrome to a controlled or malicious page that triggers specific Payments component interactions - such as invoking the payment request flow or accessing stored card data - causing a use-after-free condition that corrupts heap memory. If paired with a sandbox escape primitive, this could yield arbitrary code execution in the context of the Chrome process. … |
| Remediation | Update Google Chrome on Android to version 149.0.7827.201 or later. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allVendor StatusVendor
SUSE
Severity: ImportantShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39584
GHSA-m28g-h5xq-jc4p