Impact
Use‑after‑free in Chrome’s import feature on iOS allows a remote attacker to execute arbitrary code if a user opens a crafted file and performs specific UI gestures. The flaw is limited to versions before 150.0.7871.47 and provides an attacker the ability to run code on the device, compromising confidentiality, integrity, and availability.
Affected Systems
Google Chrome on iOS, versions older than 150.0.7871.47.
Risk and Exploitability
The vulnerability is rated as High severity in Chromium, but the EPSS score is not available, and the attack vector is not listed in KEV. Because it requires a victim to be tricked into opening a malicious file and performing UI gestures, the exploitation probability is likely low to moderate unless successful social engineering is achieved. However, if exploited, an attacker can execute arbitrary code with the device’s privileges.
OpenCVE Enrichment