Impact
Chrome for iOS contains an insufficient policy enforcement flaw that permits a crafted HTML page to bypass navigation restrictions. This flaw enables an attacker to redirect the browser to arbitrary locations without the user’s consent, potentially leading to phishing, malware delivery, or other malicious actions. The vulnerability is categorized as high severity by Chromium, indicating significant risk to user safety and data integrity.
Affected Systems
The issue affects Google Chrome for iOS versions earlier than 150.0.7871.47. No other affected platforms are listed. Users running the affected build should be aware that any web content served from a malicious or compromised site could exploit this flaw.
Risk and Exploitability
The EPSS score is not provided and the vulnerability is not listed in the CISA KEV catalog, but the high severity rating suggests a non‑negligible chance of exploitation. Attackers can deliver a crafted page to a victim’s browser over the network, making the vulnerability remotely exploitable. Successful exploitation requires the user to open the crafted page, after which the browser navigates to unintended destinations.