CVE-2026-6315
Published: 15 April 2026
Description
Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Mitigating Controls (NIST 800-53 r5)
Requires timely remediation of flaws like this use-after-free vulnerability through installation of vendor patches such as Chrome for Android 147.0.7727.101.
Implements memory safeguards such as ASLR and DEP to directly counter use-after-free exploits leading to arbitrary code execution.
Enforces process isolation via browser sandboxing to confine arbitrary code execution in the Permissions component and limit system compromise.
Security Summary
CVE-2026-6315 is a use-after-free vulnerability (CWE-416) in the Permissions component of Google Chrome on Android versions prior to 147.0.7727.101. Published on 2026-04-15, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is classified as High severity by the Chromium security team.
A remote attacker can exploit this vulnerability by convincing a targeted user to engage in specific UI gestures while interacting with a crafted HTML page, potentially leading to arbitrary code execution on the affected device.
Google has addressed the issue in Chrome for Android version 147.0.7727.101 and later. For patch details and additional information, refer to the Chrome Releases blog at https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html and the Chromium issue tracker at https://issues.chromium.org/issues/499247910.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a client-side use-after-free in Google Chrome leading to arbitrary code execution via a crafted HTML page requiring user interaction, directly mapping to Exploitation for Client Execution (T1203).