Description
Side-channel information leakage in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Side‑channel information leakage in the Safe Browsing component of Google Chrome on iOS allows a remote attacker, once they have compromised the renderer process, to leak cross‑origin data through a specially crafted HTML page. This weakness is a form of sensitive data exposure, classified as CWE‑1300, enabling an attacker to read data that should be isolated by the same‑origin policy. The impact is high, as revealed data could include user‑specific content, credentials, or other confidential information accessed by the compromised renderer.

Affected Systems

Google Chrome for iOS versions earlier than 150.0.7871.47 are affected. The vulnerability is present in the Safe Browsing subsystem of these builds and may affect any iOS device running these Chrome versions.

Risk and Exploitability

The flaw is severe because it requires only compromise of a renderer process, which is a common attack surface in web browsers. The Chromium project labels it high severity, but a CVSS score is not provided. Exploitation would need an attacker capable of delivering malicious content to the compromised renderer, which might occur via phishing or malicious web content. The EPSS score is not available and the vulnerability is not listed in CISA KEV. The likely attack vector is a remote web‑based attack that first gains a renderer foothold and then triggers the side‑channel leak.

Generated by OpenCVE AI on July 1, 2026 at 04:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome on iOS to version 150.0.7871.47 or later.
  • Enable automatic updates on the device so subsequent security patches are delivered automatically and applied without user action.
  • In environments with device management, restrict web browsing to a whitelist of approved domains to reduce exposure to malicious crafted HTML that could exploit the renderer.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:45:00 +0000

Type | Values Removed | Values Added
Title | | Cross‑Origin Information Leakage via Renderer Compromise in Chrome Safe Browsing on iOS

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Side-channel information leakage in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Weaknesses | | CWE-1300
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:41.106Z

Reserved: 2026-06-29T23:03:23.053Z

Link: CVE-2026-13809

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T04:30:06Z

Weaknesses
  • CWE-1300: Improper Protection of Physical Side Channels