What is the CVSS score of CVE-2026-7897?

CVE-2026-7897 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Google Chrome iOS are affected by CVE-2026-7897?

Google Chrome for iOS versions prior to 148.0.7778.96 contain a remote code execution vulnerability in the mobile UI handler that requires user interaction through specific gestures on malicious…. A patch is available.

Google Chrome iOS CVE-2026-7897

EUVD-2026-27897 HIGH

Use After Free (CWE-416)

2026-05-06 Chrome

RCE Denial Of Service Google Use After Free Memory Corruption Apple Red Hat Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 07, 2026 - 00:30 vuln.today

CVSS changed

May 06, 2026 - 22:22 NVD

7.5 (HIGH)

CVE Published

May 06, 2026 - 18:12 nvd

HIGH 7.5

DescriptionNVD

Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

AnalysisAI

Remote code execution in Google Chrome for iOS prior to version 148.0.7778.96 through use-after-free memory corruption in the mobile UI handler. Exploitation requires convincing a user to perform specific UI gestures while viewing a malicious HTML page. …

RemediationAI

Within 24 hours: Communicate mandatory Chrome update requirement to all iOS users and verify auto-update settings are enabled in device management policies. Within 7 days: Confirm Chrome for iOS has been updated to version 148.0.7778.96 or later across all managed and BYOD devices through MDM reporting. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

CVE-2026-5817 HIGH This Week

8.2 May 22

Arbitrary code execution in Docker Model Runner's vllm-metal inference backend on macOS allows any container on the Dock

CVE-2026-5843 HIGH This Week

8.2 May 22

Arbitrary code execution in Docker Desktop's Model Runner on macOS allows any container on the Docker network to escape

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-7897 vulnerability details – vuln.today

Back

Google Chrome iOS CVE-2026-7897

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code