PT-2026-54149 · Google · Chrome On Android
Published: 2026-06-30 · Updated: 2026-07-01
CVE-2026-13872
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Google Chrome on Android versions prior to 150.0.7871.47
Description
The WebAppInstalls component insufficiently validates untrusted input when handling Web App install-related data. This trust boundary failure allows crafted file content to be processed in an unsafe manner. A local attacker can exploit this by inducing a user to open or import a malicious file via downloads, share intents, or attachments. Successful exploitation can lead to a sandbox escape, which may allow code execution in a higher-privileged context and unauthorized data access beyond the renderer sandbox.
Recommendations
Update Google Chrome on Android to version 150.0.7871.47 or later.
Fix
RCE
Affected Products
Chrome On Android