Description
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Chrome for iOS contains an insufficient policy enforcement flaw that permits a crafted HTML page to bypass navigation restrictions. This flaw enables an attacker to redirect the browser to arbitrary locations without the user’s consent, potentially leading to phishing, malware delivery, or other malicious actions. The vulnerability is categorized as high severity by Chromium, indicating significant risk to user safety and data integrity.

Affected Systems

The issue affects Google Chrome for iOS versions earlier than 150.0.7871.47. No other affected platforms are listed. Users running the affected build should be aware that any web content served from a malicious or compromised site could exploit this flaw.

Risk and Exploitability

The EPSS score is not provided and the vulnerability is not listed in the CISA KEV catalog, but the high severity rating suggests a non‑negligible chance of exploitation. Attackers can deliver a crafted page to a victim’s browser over the network, making the vulnerability remotely exploitable. Successful exploitation requires the user to open the crafted page, after which the browser will navigate the user to unintended destinations.

Generated by OpenCVE AI on July 1, 2026 at 01:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome on iOS to version 150.0.7871.47 or newer.
  • If an upgrade is not feasible at the moment, uninstall Chrome from the device or switch to a reputable alternative browser until the issue is resolved.
  • Enable content blockers or robust secure browsing settings to reduce exposure to malicious web content.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Chrome for iOS Navigation Bypass via Insufficient Policy Enforcement |
| Weaknesses | | CWE-284 |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:35.817Z

Reserved: 2026-06-29T23:03:19.648Z

Link: CVE-2026-13795

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T01:15:16Z

Weaknesses