Description
Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. (Chromium security severity: High)
Published: 2026-06-30
Score: 4.6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient data validation in Google Chrome for iOS versions prior to 150.0.7871.47 enables a local attacker who has physical access to the device to read potentially sensitive process memory. Chromium rates the flaw as High severity; the exposed data may include credentials or personal information. The weakness is classified as improper input validation (CWE-20) that results in exposure of sensitive information to an unauthorized actor (CWE-200).

Affected Systems

Google Chrome for iOS, any build before 150.0.7871.47. Devices running those versions are susceptible.

Risk and Exploitability

Exploitation requires physical access to the device (CVSS attack vector AV:P). The EPSS score is not available, and the vulnerability is not listed in CISA KEV. Nonetheless, the Chromium security severity of High indicates significant confidentiality risk should the local attacker succeed. Because the attack requires physical access, impact is limited to devices an attacker can physically control rather than being widespread. No public exploit has been reported, so the risk is primarily theoretical, but the sensitivity of the exposed data keeps it significant.

Generated by OpenCVE AI on July 1, 2026 at 01:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome on iOS to the latest stable build (150.0.7871.47 or newer).
  • Enable the device screen lock to reduce the chance of an attacker gaining physical access to an unlocked device.
  • Monitor Google Chrome update announcements and apply security patches promptly as they become available.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-20
Metrics | | cvssV3_1: {'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Jul 2026 02:15:00 +0000

Type | Values Removed | Values Added
Title | | Insufficient Data Validation in Chrome for iOS Enabling Local Process Memory Leakage
Weaknesses | | CWE-200

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. (Chromium security severity: High)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:18:42.605Z

Reserved: 2026-06-29T23:03:22.803Z

Link: CVE-2026-13808

Vulnrichment

Updated: 2026-07-01T01:04:27.008Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:00:07Z

Weaknesses
  • CWE-20

    Improper Input Validation

  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor