Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Remote crafted-page delivery with no auth (AV:N/PR:N) but victim must open the page (UI:R); heap corruption yields high C/I/A within the unchanged browser scope.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
AnalysisAI
Heap corruption in the iOSWeb component of Google Chrome for iOS before 150.0.7871.47 lets a remote attacker who lures a victim to a crafted HTML page potentially achieve memory corruption with high confidentiality, integrity, and availability impact. Chromium rated the underlying issue Critical severity, though the CVSS base score is 8.8 because exploitation requires user interaction (visiting a page). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open a crafted HTML page in Google Chrome for iOS at a version below 150.0.7871.47 - user interaction (UI:R) is mandatory, so it cannot be triggered fully passively. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and lean toward moderate real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a crafted HTML page (or injects it into a compromised/ad-served resource) and entices an iOS user to open it in vulnerable Chrome via a phishing link or message. When the page is rendered, malformed input triggers heap corruption in iOSWeb, which the attacker attempts to shape toward memory disclosure or control-flow hijacking within the browser. … |
| Remediation | Vendor-released patch: update Google Chrome on iOS to 150.0.7871.47 or later, distributed via the Apple App Store; verify the advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify number of iOS devices running Chrome in your environment and assess user access to sensitive data. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Important| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40463
GHSA-fp9g-w2pv-q2hw