CVE-2026-10923: Use after free in Google Chrome
CVE-2026-10923 is a use-after-free vulnerability in the WebAppInstalls component of Google Chrome on Android versions prior to 149. 0. 7827. 53. This flaw allows a local attacker to execute arbitrary code by leveraging a malicious file. The vulnerability has been publicly disclosed with a high security severity rating by Chromium. There is no CVSS score available for this issue. The vendor advisory linked does not explicitly confirm patch availability or remediation status. No known exploits in the wild have been reported at this time.
AI Analysis
Technical Summary
This vulnerability involves a use-after-free condition in the WebAppInstalls feature of Google Chrome on Android devices before version 149.0.7827.53. Exploitation requires local attacker access and involves triggering the flaw via a crafted malicious file, potentially leading to arbitrary code execution. The issue was assigned CVE-2026-10923 and publicly disclosed on June 4, 2026. The vendor advisory linked is a general stable channel update announcement without explicit patch or remediation details for this specific vulnerability.
Potential Impact
Successful exploitation could allow a local attacker to execute arbitrary code on affected Android devices running vulnerable versions of Google Chrome. This could lead to compromise of the browser process and potentially the device, depending on the attack context. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor advisory linked does not explicitly confirm a fix for this vulnerability, users should monitor official Google Chrome release notes and update to version 149.0.7827.53 or later once confirmed. Until then, avoid opening untrusted files locally in Chrome on Android.
CVE-2026-10923: Use after free in Google Chrome
Description
CVE-2026-10923 is a use-after-free vulnerability in the WebAppInstalls component of Google Chrome on Android versions prior to 149. 0. 7827. 53. This flaw allows a local attacker to execute arbitrary code by leveraging a malicious file. The vulnerability has been publicly disclosed with a high security severity rating by Chromium. There is no CVSS score available for this issue. The vendor advisory linked does not explicitly confirm patch availability or remediation status. No known exploits in the wild have been reported at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a use-after-free condition in the WebAppInstalls feature of Google Chrome on Android devices before version 149.0.7827.53. Exploitation requires local attacker access and involves triggering the flaw via a crafted malicious file, potentially leading to arbitrary code execution. The issue was assigned CVE-2026-10923 and publicly disclosed on June 4, 2026. The vendor advisory linked is a general stable channel update announcement without explicit patch or remediation details for this specific vulnerability.
Potential Impact
Successful exploitation could allow a local attacker to execute arbitrary code on affected Android devices running vulnerable versions of Google Chrome. This could lead to compromise of the browser process and potentially the device, depending on the attack context. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor advisory linked does not explicitly confirm a fix for this vulnerability, users should monitor official Google Chrome release notes and update to version 149.0.7827.53 or later once confirmed. Until then, avoid opening untrusted files locally in Chrome on Android.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-06-04T17:06:07.283Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html","vendor":"Google"}]
Threat ID: 6a2207f5e29bf47b50dbaad1
Added to database: 6/4/2026, 11:19:17 PM
Last enriched: 6/5/2026, 3:19:42 AM
Last updated: 6/5/2026, 5:01:27 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.