Impact
The vulnerability is an input validation flaw in Chrome for iOS that allows a remote attacker to inject arbitrary scripts or HTML via a crafted page when the user engages in specific UI gestures. This flaw is categorized as CWE-20 and could enable an attacker to execute code in the context of the browser, compromising user data and potentially allowing further exploitation.
Affected Systems
Google Chrome for iOS versions prior to 150.0.7871.47 are affected.
Risk and Exploitability
Chromium rates the flaw as high severity. No EPSS score is available, and it is not listed in the CISA KEV catalog. Because the attack requires the victim to perform specific UI gestures on a crafted page, the likely attack vector is remote and requires user interaction. An attacker could entice a user to visit a malicious site or open a crafted file that triggers the injection, leading to arbitrary script execution in the browser context.