Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Network-reachable with no auth needed but requires active user UI gestures; only confidentiality is impacted as Autofill data is read cross-origin without write or availability consequence.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Cross-origin data leakage in Google Chrome's Autofill subsystem on iOS (versions prior to 150.0.7871.47) enables remote attackers to read sensitive data across origin boundaries by luring victims into performing specific UI gestures on a crafted page. Rooted in CWE-346 (Origin Validation Error), the Autofill policy enforcement layer fails to maintain proper origin isolation under targeted interaction conditions. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a victim running Google Chrome on iOS at a version below 150.0.7871.47 to visit an attacker-controlled web page AND actively perform specific UI gestures as prompted by that page - passive browsing without interaction is insufficient. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N yields a 6.5 Medium score, reflecting a network-reachable, low-complexity flaw requiring no attacker privileges but mandatory victim interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious HTML page designed to trigger Chrome's Autofill policy bypass and hosts it on a publicly accessible server, then socially engineers an iOS Chrome user into visiting the page - via phishing email, SMS link, or malicious advertisement - and prompting them to perform specific UI gestures such as tapping or swiping in a particular sequence. Once the gestures are completed, the crafted page exploits the insufficient origin validation to read cross-origin Autofill-populated data, potentially extracting saved credentials, personal information, or payment data associated with a different origin. … |
| Remediation | Update Google Chrome on iOS to version 150.0.7871.47 or later via the App Store update mechanism or Chrome's in-app update prompt. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-346 – Origin Validation Error
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40599
GHSA-52gf-2x69-m2w4