Impact
The vulnerability stems from insufficient policy enforcement in Google Chrome for iOS. An attacker who has already gained control of the renderer process can craft a malicious HTML page that may escape the renderer sandbox. This escape potentially lets the attacker execute code outside the confined environment, leading to full compromise of the device or of user data within the browser context. The impact is therefore a high-severity remote code execution condition.
Affected Systems
Google Chrome for iOS is affected. Versions prior to 150.0.7871.47 lack the fix and are considered vulnerable. Users running these earlier builds are exposed to exploitation by a remote attacker who has compromised the renderer and delivers crafted web content.
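To find affected clients in an inventory, the check below compares the Chrome for iOS version reported in a User-Agent string against the fixed build 150.0.7871.47. It is an added example, not part of the advisory or of any vendor tooling; it assumes clients send the `CriOS/<version>` token, and the tab-separated log format, addresses and sample versions are constructed for illustration.

```python
import re

FIXED = (150, 0, 7871, 47)  # first fixed build, taken from the advisory
CRIOS = re.compile(r"\bCriOS/(\d+(?:\.\d+)*)")  # Chrome for iOS UA token

def crios_version(user_agent):
    """Return the Chrome for iOS version as a tuple of ints, or None."""
    m = CRIOS.search(user_agent)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(user_agent):
    """Return 'not-chrome-ios', 'unknown', 'vulnerable' or 'fixed'."""
    v = crios_version(user_agent)
    if v is None:
        return "not-chrome-ios"
    if len(v) != 4:
        return "unknown"  # truncated version: cannot be compared reliably
    # Integer tuples compare numerically, so build .9 sorts below .47;
    # a plain string comparison would get this case wrong.
    return "vulnerable" if v < FIXED else "fixed"

def audit(log_lines):
    """Return (client, version, status) for entries that need attention.

    Each line uses the constructed format 'client<TAB>user-agent'.
    """
    findings = []
    for line in log_lines:
        client, _, ua = line.partition("\t")
        status = classify(ua)
        if status in ("vulnerable", "unknown"):
            version = ".".join(str(p) for p in crios_version(ua))
            findings.append((client, version, status))
    return findings

# Constructed sample data, not taken from real traffic.
IOS = ("Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) "
       "AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/{} Mobile/15E148 Safari/604.1")
SAMPLE_LOG = [
    "10.0.0.5\t" + IOS.format("149.0.7800.12"),
    "10.0.0.6\t" + IOS.format("150.0.7871.47"),
    "10.0.0.7\t" + IOS.format("150.0.7871.9"),
    "10.0.0.8\tMozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/150.0.0.0 Safari/537.36",
]

if __name__ == "__main__":
    for client, version, status in audit(SAMPLE_LOG):
        print(f"{client}\tCriOS {version}\t{status}")
```

User-Agent strings are client-supplied, so treat the result as a triage list and confirm versions through device management where available.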
Risk and Exploitability
The CVSS severity is marked as High, reflecting the dangerous nature of a sandbox escape. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote; an attacker must first compromise the renderer process, typically through a malicious web page served to a user. Once that condition is met, the crafted HTML can trigger the sandbox escape. Exploitation requires interaction with a malicious page, so the risk is primarily for users who visit compromised sites or embed malicious HTML. Given the high severity and the potential for complete code execution, timely remediation is critical.