Impact
The flaw arises from insufficient validation of untrusted input in the iOSWeb component, a type of input validation vulnerability (CWE-20). A maliciously crafted HTML page can trigger heap corruption, potentially leading to memory corruption, data leakage, or denial of service on affected Chrome iOS instances.
Affected Systems
Google Chrome on iOS devices running a version older than 150.0.7871.47 are susceptible to this vulnerability, regardless of the underlying iOS version.
Risk and Exploitability
The CVE is classified as Critical, yet the EPSS score is not available and the vulnerability is not listed in CISA KEV. The likely attack vector involves a remote attacker delivering a crafted HTML page that Chrome renders, exploiting the uncontrolled heap manipulation. Exploitation requires the victim to load or view the malicious content, and while no public exploits are presently documented, the high severity and lack of mitigation in older versions imply a substantive risk.
OpenCVE Enrichment