Description
Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Google Chrome for iOS prior to 150.0.7871.47 allows a remote adversary who has already compromised the renderer process to construct a malicious HTML page that bypasses input validation and escapes the browser sandbox. The vulnerability involves an insufficient input validation weakness (CWE‑20). If exploited, the attacker could gain the privileges of the sandboxed renderer, potentially leading to execution of arbitrary code on the device.

Affected Systems

Google Chrome for iOS versions before 150.0.7871.47 are vulnerable. Any device running these older builds, which include iOS versions that support these Chrome releases, is at risk until the vendor releases an updated build.

Risk and Exploitability

The incident is rated as high severity by Chromium security reviews. The attacker requires remote access to the renderer process, which typically means successful phishing or exploitation of another vulnerability that allows code execution in that context. Because the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, the publicly documented exploitation probability is unknown. Nevertheless, the combination of sandbox escape potential and the need for a compromised renderer process indicates a significant risk to confidentiality and integrity for users of the affected builds.

Generated by OpenCVE AI on July 1, 2026 at 08:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome for iOS to version 150.0.7871.47 or later, which contains the fixed input validation.
  • Avoid loading or interacting with unfamiliar or suspicious web pages until the browser update is applied.
  • Keep the underlying iOS operating system updated with the latest security patches to minimize the attack surface for renderer‑process compromise.

Generated by OpenCVE AI on July 1, 2026 at 08:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Wed, 01 Jul 2026 08:30:00 +0000

Type Values Removed Values Added
Title Insufficient Untrusted Input Validation Enables Sandbox Escape in Chrome for iOS

Wed, 01 Jul 2026 01:30:00 +0000

Type Values Removed Values Added
Title Insufficient Untrusted Input Validation Enables Sandbox Escape in Chrome for iOS

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-20
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:53.608Z

Reserved: 2026-06-29T23:03:31.495Z

Link: CVE-2026-13843

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T09:00:14Z

Weaknesses
  • CWE-20

    Improper Input Validation