Description
Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-04
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use-after-free (CWE-416) in Google Chrome for iOS prior to 149.0.7827.53 allows a remote attacker who persuades a user to perform specific UI gestures on a crafted web page to execute arbitrary code within the browser process. Chromium rates the severity as High.

Affected Systems

Google Chrome for iOS versions older than 149.0.7827.53 are affected. Only the iOS variant of Chrome is listed; no other platforms are mentioned.

Risk and Exploitability

Exploitation requires user interaction: the victim must perform specific UI gestures on a malicious web page, so a live attack would depend on phishing or similar social engineering. The CVSS base score of 8.8 indicates high severity. No EPSS value is available and the flaw is not currently listed in CISA KEV, meaning there is no confirmed exploit in the wild yet. Even so, the potential for remote code execution warrants treating it as high risk wherever an attacker could convince a user to perform the required gestures.

Generated by OpenCVE AI on June 5, 2026 at 04:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome on iOS to version 149.0.7827.53 or later.
  • Clear browsing data after installing the patch to remove any cached malicious content.
  • Avoid interacting with unfamiliar or suspicious web pages that might require special UI gestures until the update is installed.



Advisories

No advisories yet.

History

Fri, 05 Jun 2026 02:45:00 +0000

Type: First Time appeared
Values Added: Google; Google chrome

Type: Vendors & Products
Values Added: Google; Google chrome

Fri, 05 Jun 2026 02:15:00 +0000

Type: Title
Values Added: Use After Free in Chrome for iOS Enables Remote Code Execution via Crafted Web Pages

Fri, 05 Jun 2026 01:30:00 +0000

Type: Metrics
Values Added:
cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 23:15:00 +0000

Type: Description
Values Added: Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Type: Weaknesses
Values Added: CWE-416
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T00:30:58.977Z

Reserved: 2026-06-04T17:06:15.717Z

Link: CVE-2026-10958

Vulnrichment

Updated: 2026-06-05T00:25:44.770Z

NVD

Status: Received

Published: 2026-06-04T23:16:58.787

Modified: 2026-06-05T02:17:00.880

Link: CVE-2026-10958

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T04:45:32Z
