Description
Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the Safe Browsing component of Google Chrome on iOS. A crafted HTML page can cause Chrome to display a forged user interface, allowing a remote attacker to perform UI spoofing. Chromium classifies the flaw as Medium severity, indicating potential for deceptive user interactions; no direct code execution or data exfiltration is described.

Affected Systems

Google Chrome for iOS versions prior to 150.0.7871.47 are affected. The issue is present only on the iOS platform and does not affect Chrome builds for other operating systems.

Risk and Exploitability

Chromium rates the defect as Medium. No EPSS data is available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves a remote attacker hosting a malicious HTML page that a user visits; exploitation requires user interaction with the spoofed interface. Because Chrome is preinstalled on many devices, the potential for opportunistic exploitation exists, but upgrading to Chrome 150.0.7871.47 or later mitigates the risk.

Generated by OpenCVE AI on July 1, 2026 at 04:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome for iOS to version 150.0.7871.47 or later
  • If an update cannot be applied, disable the Safe Browsing feature in Chrome settings
  • Avoid interacting with untrusted web pages and suspicious UI elements

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | UI Spoofing via Safe Browsing in Chrome for iOS |
| Weaknesses | | CWE-1025 |

Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:18.911Z

Reserved: 2026-06-29T23:03:50.409Z

Link: CVE-2026-13912

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T04:30:06Z

Weaknesses
  • CWE-1025: Comparison Using Wrong Factors