Critical Use-After-Free Bug Hits Chrome on Android
The National Vulnerability Database (NVD) recently published details on CVE-2026-6358, a critical use-after-free vulnerability affecting Google Chrome on Android. Specifically, versions prior to 147.0.7727.101 are susceptible. This isn’t just a garden-variety bug; we’re talking about a memory corruption issue that could let a remote attacker read memory out-of-bounds.
According to the NVD, the exploit vector involves a crafted HTML page. An attacker could lure a user to a malicious site, triggering the vulnerability within Chrome’s XR component. The Chromium security team has pegged this with a ‘Critical’ severity, and the CVSS v3.1 score of 8.8 (HIGH) backs that up. Use-after-free bugs (CWE-416) are particularly nasty because they can lead to arbitrary code execution or information disclosure, giving attackers a significant foothold.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6358 | Use After Free | Google Chrome on Android prior to 147.0.7727.101 |
| CVE-2026-6358 | Memory Corruption | Out of bounds memory read in XR component |
| CVE-2026-6358 | RCE | Remote attacker via crafted HTML page |
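
For fleet triage against the affected range listed above, this added example (not from the NVD entry or the Chromium project) classifies Chrome on Android against the fixed build 147.0.7727.101, using either a full inventory version string or a logged User-Agent. The function names, the excluded browser tokens and the sample strings are assumptions of this example; it handles Chrome's reduced User-Agent, which reports only the major version as `N.0.0.0`.

```python
import re

FIXED = (147, 0, 7727, 101)  # first fixed build named in the advisory
CHROME_RE = re.compile(r"\bChrome/(\d+(?:\.\d+){3})\b")
# Tokens of other Chromium-based Android browsers and WebView. The advisory
# text does not cover them, so this example reports them separately (assumption).
OTHER_TOKENS = ("EdgA/", "SamsungBrowser/", "OPR/", "; wv)")


def parse_version(text):
    """Turn '147.0.7727.99' into (147, 0, 7727, 99)."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four version fields, got {text!r}")
    return parts


def classify_inventory(version_name):
    """Classify a full versionName from an MDM or package inventory."""
    return "vulnerable" if parse_version(version_name) < FIXED else "patched"


def classify_user_agent(ua):
    """Classify a User-Agent from proxy or web logs."""
    m = CHROME_RE.search(ua)
    if "Android" not in ua or m is None or any(t in ua for t in OTHER_TOKENS):
        return "not-chrome-android"
    version = parse_version(m.group(1))
    if version[1:] != (0, 0, 0):   # full version present in the UA
        return "vulnerable" if version < FIXED else "patched"
    if version[0] == FIXED[0]:     # reduced UA hides the build number
        return "unknown"
    return "vulnerable" if version[0] < FIXED[0] else "patched"


# Constructed sample User-Agent strings, not taken from real traffic.
UA_PREFIX = "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) "
SAMPLES = [
    UA_PREFIX + "Chrome/146.0.0.0 Mobile Safari/537.36",
    UA_PREFIX + "Chrome/147.0.0.0 Mobile Safari/537.36",
    UA_PREFIX + "Chrome/148.0.0.0 Mobile Safari/537.36",
    UA_PREFIX + "SamsungBrowser/25.0 Chrome/121.0.0.0 Mobile Safari/537.36",
]

if __name__ == "__main__":
    for ua in SAMPLES:
        print(classify_user_agent(ua), "<-", ua)
```

Clients that come back as `unknown` run major version 147 behind a reduced User-Agent, so their patch state has to be confirmed from an inventory source that records the full version string.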