Impact
Chrome for iOS contains a use‑after‑free bug that corrupts its heap when a user interacts with a specially crafted web page, potentially enabling a remote attacker to execute arbitrary code. The flaw requires the victim to view malicious content and perform specific UI gestures, after which the corrupted memory can be leveraged to compromise the device. This issue stems from the rendering engine, so exploitation could give an attacker full control of the browser process.
Affected Systems
Google Chrome for iOS versions prior to 150.0.7871.47 are vulnerable; any device running this browser without the 150.0.7871.47 update is at risk.
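The version boundary above, applied to a device inventory. This is an added example, not code from the advisory or from Google. The inventory layout, device names and sample version strings are constructed assumptions. Fields are compared numerically because a plain string comparison would rank 150.0.7871.5 above 150.0.7871.47.

```python
# Added example: flag Chrome for iOS installs older than the fixed build.
FIXED = (150, 0, 7871, 47)            # fixed version stated in the advisory
BUNDLE_ID = "com.google.chrome.ios"   # Chrome's iOS bundle identifier

# Constructed sample inventory rows: (device, bundle id, version).
# The row layout is an assumption, not a specific MDM export format.
SAMPLE_INVENTORY = [
    ("ipad-014", "com.google.chrome.ios", "150.0.7871.47"),
    ("iphone-221", "com.google.chrome.ios", "150.0.7871.5"),
    ("iphone-307", "com.google.chrome.ios", "149.0.7700.112"),
    ("iphone-412", "com.google.chrome.ios", "151.0.7900.1"),
    ("iphone-518", "com.google.chrome.ios", "150.0.7871"),
    ("iphone-633", "com.google.chrome.ios", "unknown"),
    ("iphone-700", "com.apple.mobilesafari", "17.4"),
]


def parse_version(text):
    """Return the version as four ints (short versions zero-padded), or None if malformed."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def classify(version_text):
    """'vulnerable' below the fixed build, 'patched' at or above it, 'unknown' if unparseable."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"   # needs manual review; never counted as patched
    return "vulnerable" if version < FIXED else "patched"


def audit(inventory):
    """Map device name -> status, considering Chrome for iOS rows only."""
    return {dev: classify(ver) for dev, bundle, ver in inventory if bundle == BUNDLE_ID}


if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```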
Risk and Exploitability
The CVSS severity is medium, no EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating no known widespread exploitation. Exploitation requires social engineering (convincing a user to open malicious content and perform gestures), which adds complexity. Exploitation is therefore moderately likely, but the potential for remote code execution remains high enough to warrant prompt patching.
OpenCVE Enrichment