Impact
An inappropriate implementation in Chrome for iOS exposes cross-origin data when a user performs certain UI gestures on a crafted web page. The vulnerability allows a remote attacker to obtain sensitive information from another origin via a malicious HTML page. The impact is primarily confidentiality loss, as data such as cookies, local storage, or other secrets can be leaked to an attacker. No remote code execution or direct system compromise is reported.
Affected Systems
Google Chrome for iOS versions earlier than 150.0.7871.47 are affected.
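A check for the affected range above, added here as an example and not part of the original advisory. It classifies User-Agent strings from web or proxy logs against the fixed version 150.0.7871.47, assuming Chrome for iOS reports its version in a `CriOS/<version>` token; the sample strings are constructed.

```python
import re

# Fixed version taken from the advisory: builds earlier than this are affected.
FIXED = (150, 0, 7871, 47)

# Assumption: Chrome for iOS identifies itself with a "CriOS/<a.b.c.d>" token.
CRIOS = re.compile(r"\bCriOS/(\d+(?:\.\d+){0,3})\b")


def crios_version(user_agent):
    """Return the Chrome for iOS version as a 4-tuple, or None if absent."""
    m = CRIOS.search(user_agent or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad short versions such as "150" with zeros; this errs toward flagging.
    return tuple(parts + [0] * (4 - len(parts)))


def classify(user_agent):
    """Return 'affected', 'fixed', or 'not-chrome-ios' for one User-Agent."""
    version = crios_version(user_agent)
    if version is None:
        return "not-chrome-ios"
    return "affected" if version < FIXED else "fixed"


# Constructed sample User-Agent strings (not taken from real traffic).
SAMPLES = [
    "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 "
    "(KHTML, like Gecko) CriOS/150.0.7871.46 Mobile/15E148 Safari/604.1",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 "
    "(KHTML, like Gecko) CriOS/150.0.7871.47 Mobile/15E148 Safari/604.1",
    "Mozilla/5.0 (iPad; CPU OS 18_5 like Mac OS X) AppleWebKit/605.1.15 "
    "(KHTML, like Gecko) CriOS/149.0.7000.100 Mobile/15E148 Safari/604.1",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 "
    "(KHTML, like Gecko) Version/18.5 Mobile/15E148 Safari/604.1",
]

if __name__ == "__main__":
    for ua in SAMPLES:
        print(classify(ua), "<-", ua[-60:])
```

User-Agent strings can be altered by the client, so treat the result as an inventory hint and confirm installed versions through device management where available.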
Risk and Exploitability
The CVSS score is not listed and the EPSS score is unavailable, so publicly available metrics for exploitation likelihood are limited. The vulnerability is not listed in the CISA KEV catalog. Attack steps likely involve a malicious web page convincing a user to perform intricate UI gestures, which then trigger the data leak. Although exploitation requires user interaction, the moderate severity suggests that this vulnerability is a notable risk to confidentiality for affected users.