PT-2026-54149 · Google · Chrome On Android

Published

2026-06-30

·

Updated

2026-07-01

·

CVE-2026-13872

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47
Description Insufficient validation of untrusted input in the WebAppInstalls component occurs when handling Web App install-related data. This trust boundary failure allows crafted file content to be processed in an unsafe manner. A local attacker can exploit this by inducing a user to open or import a malicious file via downloads, share intents, or attachments. Successful exploitation can lead to a sandbox escape, which may allow code execution in a higher-privileged context and unauthorized data access beyond the renderer sandbox.
Recommendations Update Google Chrome on Android to version 150.0.7871.47 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-13872

Affected Products

Chrome On Android