Impact
Insufficient data validation in Google Chrome for iOS versions prior to 150.0.7871.47 enables a local attacker who has physical access to the device to read potentially sensitive process memory. The vulnerability is a high‐severity flaw because the data exposed may include credentials or personal information. The weakness aligns with improper validation of inputs, exposing data to unauthorized actors.
Affected Systems
Google Chrome for iOS, any build before 150.0.7871.47. Devices running those versions are susceptible.
Risk and Exploitability
The exploit requires physical device access, so an attacker must be able to read the device’s memory directly. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. Nonetheless, the Chromium security severity: High indicates significant confidentiality risk should the local attacker succeed. Because the attack vector is local, the potential for widespread impact is limited to the device owner or anyone with physical control of the device. No public exploit has been reported, so the danger is primarily theoretical but still high due to the sensitivity of exposed data.
OpenCVE Enrichment