Description
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from insufficient policy enforcement in Google Chrome for iOS, allowing an attacker who has already gained control of the renderer process to craft a malicious HTML page that may escape the renderer sandbox. This escape potentially grants the attacker the ability to execute code beyond the confined environment, leading to full compromise of the device or user data within the browser context. The impact is therefore a high‑severeness remote code execution condition.

Affected Systems

Google Chrome for iOS is affected. Versions prior to 150.0.7871.47 lack the fix and are considered vulnerable. All users running these earlier builds run the risk of exploitation by a remote attacker who can exploit compromised renderer code through crafted web content.

Risk and Exploitability

The CVSS severity is marked as High, reflecting the dangerous nature of a sandbox escape. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote; an attacker must first compromise the renderer process, typically through a malicious web page served to a user. Once that condition is met, the crafted HTML can trigger the sandbox escape. The exploitation requires interaction with a malicious page, so the risk is primarily for users who visit compromised sites or embed malicious HTML. Given the high severity and the potential for complete code execution, timely remediation is critical.

Generated by OpenCVE AI on July 1, 2026 at 00:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome for iOS to version 150.0.7871.47 or later
  • Enable automatic browser updates to ensure the latest security patches are applied
  • Review browser usage policies and consider restricting or monitoring use of third‑party web content in critical environments

Generated by OpenCVE AI on July 1, 2026 at 00:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 01:00:00 +0000

Type Values Removed Values Added
Title Insufficient Policy Enforcement Enables Sandbox Escape in Chrome for iOS

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-20
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:42.559Z

Reserved: 2026-06-29T23:03:24.006Z

Link: CVE-2026-13813

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T00:45:15Z

Weaknesses
  • CWE-20

    Improper Input Validation