Impact
The vulnerability lies in the Safe Browsing component of Google Chrome on iOS. A remote attacker can use a crafted HTML page to make Chrome display a forged user interface (UI spoofing). Chromium classifies the flaw as medium severity, which indicates potential for deceptive user interactions; no direct code execution or data exfiltration is described.
Affected Systems
Google Chrome for iOS versions prior to 150.0.7871.47 are affected. The issue is present only on the iOS platform and does not affect Chrome builds for other operating systems.
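The following triage script is an added example, not part of the advisory: it checks a device inventory against the fixed version, comparing versions numerically and scoping to Chrome on iOS only. The inventory rows are constructed, and the column names are assumptions rather than a real MDM export format.

```python
import csv
import io

FIXED = (150, 0, 7871, 47)  # first fixed Chrome for iOS build, per the advisory
CHROME_IOS_BUNDLE = "com.google.chrome.ios"  # Chrome's bundle identifier on iOS

# Constructed sample inventory; column names are assumptions.
SAMPLE_INVENTORY = """device,platform,bundle_id,version
ipad-014,iOS,com.google.chrome.ios,149.0.7800.12
iphone-201,iOS,com.google.chrome.ios,150.0.7871.47
iphone-202,iOS,com.google.chrome.ios,99.0.4844.59
pixel-033,Android,com.android.chrome,149.0.7800.12
iphone-310,iOS,com.google.chrome.ios,unknown
iphone-311,iOS,com.google.chrome.ios,150.0.7871
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if not a dotted numeric version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad short versions with zeros

def triage(inventory_csv):
    """Split Chrome-for-iOS rows into affected, fixed and unparseable devices."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["platform"].lower() != "ios" or row["bundle_id"] != CHROME_IOS_BUNDLE:
            continue  # the advisory scopes the issue to Chrome on iOS only
        version = parse_version(row["version"])
        if version is None:
            result["unknown"].append(row["device"])  # needs manual review
        elif version < FIXED:  # tuple compare: a string compare would rank "99" above "150"
            result["affected"].append(row["device"])
        else:
            result["fixed"].append(row["device"])
    return result

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(devices) or '-'}")
```

Devices reported as `unknown` should be checked by hand rather than assumed patched.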
Risk and Exploitability
Chromium rates the defect as Medium. No EPSS data is available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves a remote attacker hosting a malicious HTML page that a user visits; exploitation requires user interaction with the spoofed interface. Because Chrome is preinstalled on many devices, the potential for opportunistic exploitation exists, but upgrading to Chrome 150.0.7871.47 or later mitigates the risk.
OpenCVE Enrichment