Impact
Side‑channel information leakage in the Safe Browsing component of Google Chrome on iOS allows a remote attacker, once they have compromised the renderer process, to leak cross‑origin data through a specially crafted HTML page. This weakness is a form of sensitive data exposure, classified as CWE‑1300, enabling an attacker to read data that should be isolated by the same‑origin policy. The impact is high, as revealed data could include user‑specific content, credentials, or other confidential information accessed by the compromised renderer.
Affected Systems
Google Chrome for iOS versions earlier than 150.0.7871.47 are affected. The vulnerability is present in the Safe Browsing subsystem of these builds and may affect any device running them.
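One way to find clients still running an affected build, as an added example (not code from the advisory or from Chromium): it assumes a web proxy log exported as `client<TAB>User-Agent` lines and relies on the `CriOS/<version>` token that Chrome for iOS sends in its User-Agent. The function names and sample records are constructed for illustration.

```python
import re

FIXED = (150, 0, 7871, 47)  # first fixed build, from the advisory text

# Chrome for iOS identifies itself with a "CriOS/<version>" User-Agent token.
CRIOS_RE = re.compile(r"\bCriOS/(\d+(?:\.\d+){0,3})")


def crios_version(user_agent):
    """Return the Chrome-for-iOS version as a 4-tuple of ints, or None."""
    m = CRIOS_RE.search(user_agent)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # A shortened version such as "150" is padded with zeros, so it is
    # conservatively reported as affected and needs confirming on the device.
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(user_agent):
    """True when the UA is Chrome for iOS older than the fixed build."""
    v = crios_version(user_agent)
    return v is not None and v < FIXED


def affected_clients(log_lines):
    """Map client id -> oldest affected version seen in 'client<TAB>UA' lines."""
    hits = {}
    for line in log_lines:
        client, _, ua = line.rstrip("\n").partition("\t")
        if is_affected(ua):
            v = crios_version(ua)
            hits[client] = min(v, hits.get(client, v))
    return hits


IOS = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) "
# Constructed sample records, not real traffic.
SAMPLE = [
    "ipad-017\t" + IOS + "CriOS/149.0.7800.12 Mobile/15E148 Safari/604.1",
    "ipad-017\t" + IOS + "CriOS/148.0.7700.3 Mobile/15E148 Safari/604.1",
    "iphone-088\t" + IOS + "CriOS/150.0.7871.9 Mobile/15E148 Safari/604.1",   # 9 < 47 numerically
    "iphone-203\t" + IOS + "CriOS/150.0.7871.47 Mobile/15E148 Safari/604.1",  # fixed build
    "mac-001\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/150.0.0.0 Safari/537.36",
]

if __name__ == "__main__":
    for client, version in sorted(affected_clients(SAMPLE).items()):
        print(client, ".".join(map(str, version)))
```

The version fields are compared as integers, so a build such as 150.0.7871.9 is correctly treated as older than 150.0.7871.47, which a plain string comparison would get wrong.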
Risk and Exploitability
The flaw is severe because it requires only compromise of a renderer process, which is a common attack surface in web browsers. The Chromium project labels it high severity, but a CVSS score is not provided. Exploitation would need an attacker capable of delivering malicious content to the compromised renderer, which might occur via phishing or malicious web content. The EPSS score is not available and the vulnerability is not listed in CISA KEV. The likely attack vector is a remote web‑based attack that first gains a renderer foothold and then triggers the side‑channel leak.