Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Android Runtime Privilege Escalation Vulnerability via Chrome Sandbox Escape
Vulnerability
A use-after-free vulnerability has been identified that allows for a potential escape from the Chrome sandbox to target the Android system_server. This vulnerability could lead to a local escalation of privileges, requiring no additional execution rights. Exploitation does not involve user interaction.
Impact
Exploitation of this vulnerability could result in unauthorized access to elevated privileges, allowing a user to perform actions or access resources that are normally restricted.
Reproduction
The vulnerability can be reproduced by exploiting the use-after-free condition, which creates a window of opportunity to manipulate memory. This can be done by crafting a specific sequence of actions that triggers the use-after-free, potentially leading to an escape from the Chrome sandbox and an attack on the system_server.
Remediation
Users can update their devices to the September 2025 security patch level, which addresses this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.