CVE-2026-15113 in Chrome
Summary
by MITRE • 07/09/2026
Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/09/2026
This vulnerability represents a critical use-after-free condition in the autofill functionality of Google Chrome on Android platforms, specifically affecting versions prior to 150.0.7871.115. The flaw occurs within the browser's handling of form data and user input suggestions, where improper memory management allows an attacker to manipulate freed memory locations through malicious web content. The vulnerability is classified as high severity by Chromium security standards due to its potential for privilege escalation and sandbox escape capabilities.
The technical implementation of this use-after-free flaw stems from inadequate memory lifecycle management within Chrome's autofill component when processing crafted HTML pages. When a user interacts with form elements on a malicious website, the browser's autofill system may attempt to access memory that has already been deallocated, creating opportunities for memory corruption and arbitrary code execution. This type of vulnerability falls under CWE-416, which specifically addresses use-after-free conditions in software systems. The flaw is particularly dangerous because it can be exploited remotely through web-based attacks without requiring user interaction beyond visiting a malicious page.
The operational impact of this vulnerability extends beyond typical browser exploitation scenarios, as successful exploitation could enable attackers to bypass Chrome's security sandbox mechanisms that isolate browser processes from the underlying operating system. This sandbox escape capability allows threat actors to potentially access sensitive user data, modify browser behavior, or even gain elevated privileges on the affected device. The attack surface is broad since any web page containing malicious HTML content can trigger this vulnerability, making it particularly dangerous for users who browse untrusted websites or receive phishing emails with embedded malicious links.
Organizations and users should immediately update to Chrome version 150.0.7871.115 or later to mitigate this vulnerability. Additional defensive measures include enabling Chrome's built-in security features such as site isolation, sandboxing, and automatic updates where possible. Security teams should monitor for exploitation attempts through network traffic analysis and browser telemetry data, particularly looking for unusual memory access patterns or sandbox escape indicators. The ATT&CK framework categorizes this type of vulnerability under technique T1059 for remote code execution and T1548 for privilege escalation, making it a significant concern for enterprise security postures where mobile device management and endpoint protection are critical components of overall security strategy.