Impact
Insufficient policy enforcement in the Autofill feature of Google Chrome on iOS before version 150.0.7871.47 permits a remote attacker to cause the browser to leak cross‑origin data. By convincing a user to perform specific, user‑initiated UI gestures on a crafted web page, the attacker can extract information that should be isolated to other origins. The published severity for this issue is labeled medium, indicating a noticeable risk to privacy but not a direct compromise of system integrity or availability.
Affected Systems
The vulnerable product is Google Chrome on iOS. All releases earlier than 150.0.7871.47 are affected; versions 150.0.7871.47 and newer include the fix.
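The version boundary above can be checked against a device inventory. This is an added example, not part of the advisory or of any vendor tooling: it assumes inventory records are available as (device id, user agent) pairs and that Chrome on iOS reports its version in the `CriOS/<version>` user-agent token; the function names, device ids and sample records are constructed for illustration.

```python
import re

FIXED = (150, 0, 7871, 47)  # first fixed Chrome on iOS release, per the advisory

# Assumption: Chrome on iOS identifies itself with a CriOS/<version> token.
CRIOS_RE = re.compile(r"\bCriOS/(\d+(?:\.\d+)*)")

def classify(user_agent):
    """Return 'vulnerable', 'fixed', 'unknown' or 'not-chrome-ios' for one UA."""
    m = CRIOS_RE.search(user_agent)
    if m is None:
        return "not-chrome-ios"
    parts = tuple(int(p) for p in m.group(1).split("."))
    if len(parts) != 4:
        # Truncated version: it cannot be placed relative to the fixed build,
        # so report it for manual follow-up instead of guessing.
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly sort "99.0.4844.59" after "150.0.7871.47".
    return "vulnerable" if parts < FIXED else "fixed"

def triage(records):
    """Map each (device_id, user_agent) record to its classification."""
    return {device: classify(ua) for device, ua in records}

IOS = "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) "

# Constructed sample inventory records, not real telemetry.
SAMPLE = [
    ("dev-01", IOS + "CriOS/150.0.7871.46 Mobile/15E148 Safari/604.1"),
    ("dev-02", IOS + "CriOS/150.0.7871.47 Mobile/15E148 Safari/604.1"),
    ("dev-03", IOS + "CriOS/99.0.4844.59 Mobile/15E148 Safari/604.1"),
    ("dev-04", IOS + "CriOS/151.0.7900.2 Mobile/15E148 Safari/604.1"),
    ("dev-05", IOS + "Version/18.0 Mobile/15E148 Safari/604.1"),
    ("dev-06", IOS + "CriOS/150 Mobile/15E148 Safari/604.1"),
]

if __name__ == "__main__":
    for device, status in triage(SAMPLE).items():
        print(device, status)
```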
Risk and Exploitability
The CVSS rating describes a medium‑severity flaw; exploitation requires the victim to interact with a malicious page, implying a user‑interaction prerequisite. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. While the attack vector is remote (a page the user loads), the need for user gestures lowers the likelihood of automated exploitation but does not eliminate it.