You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
android autofill
About this tag
The android autofill tag on WindowsForum covers security vulnerabilities in Chrome's Android Autofill feature, particularly use-after-free flaws that can lead to sandbox escape. Discussions analyze how Google's severity ratings may understate real-world risk, with medium-rated CVEs sometimes scoring critical under downstream CVSS models. Content focuses on the implications for enterprise fleet management and browser security patching, emphasizing that vulnerability metadata can be misleading. The tag is relevant for IT administrators and security professionals managing Chrome on Android devices.
Google’s CVE-2026-11131 is a Chrome-on-Android Autofill use-after-free flaw disclosed June 4, 2026, affecting versions before 149.0.7827.53 and describing a renderer-compromise-to-sandbox-escape path through a crafted HTML page. That is the plain version; the interesting version is messier. A...