Description
Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw arises from insufficient validation of untrusted input in the iOSWeb component, an improper input validation weakness (CWE-20). A maliciously crafted HTML page can trigger heap corruption, potentially leading to memory corruption, data leakage, or denial of service on affected Chrome iOS instances.

Affected Systems

Google Chrome on iOS is susceptible to this vulnerability in any version older than 150.0.7871.47, regardless of the underlying iOS version.

Risk and Exploitability

The CVE is classified as Critical, yet no EPSS score is available and the vulnerability is not listed in CISA KEV. The likely attack vector is a remote attacker delivering a crafted HTML page that Chrome renders, triggering the heap corruption. Exploitation requires the victim to load or view the malicious content. While no public exploits are presently documented, the high severity and lack of mitigation in older versions imply a substantive risk.

Generated by OpenCVE AI on July 1, 2026 at 03:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome for iOS to version 150.0.7871.47 or later.
  • Avoid opening untrusted or unknown HTML content in Chrome until the update is confirmed, and consider applying enterprise policies to restrict loading of suspicious web resources.
  • Implement corporate browsing policies that block or warn about loading potentially unsafe local files or scripts in Chrome for iOS.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Insufficient Validation of Untrusted Input in iOSWeb Leading to Potential Heap Corruption in Chrome for iOS |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| Weaknesses | | CWE-20 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:28.672Z

Reserved: 2026-06-29T23:03:14.678Z

Link: CVE-2026-13777

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T03:15:15Z

Weaknesses
  • CWE-20: Improper Input Validation