← back
CVE-2025-48543

CVE-2025-48543

CVSS 8.8 HIGHEPSS 0.5%● KEVCWE-416
In short

A flaw in Chrome allows an attacker to escape the browser's sandbox and gain unauthorized access to Android's system processes. This means someone can run malicious code with high system privileges without needing the user to do anything special.

Technical detail

Use-after-free vulnerability in Chrome's sandbox implementation enables local privilege escalation targeting Android system_server. The attack requires no additional execution privileges or user interaction, allowing an unprivileged process to break sandbox confinement and execute code with elevated system capabilities.

Summary generated and translated by AI from the official description.
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Google · Android

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://android.googlesource.com/platform/art/+/444fc40dfb04d2ec5f74c443ed3a4dd45d3131f2https://source.android.com/security/bulletin/2025-09-01https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48543