Description
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An inappropriate implementation in Chrome for iOS permits a remote attacker to perform UI spoofing through a specially crafted HTML page. The attack lets an adversary create deceptive user interfaces that can mislead users into believing they are interacting with a legitimate site or service, potentially facilitating phishing or credential theft. Because the vulnerability is client-side, it compromises user confidentiality, can erode trust in the browser's integrity, and may lead to broader compromise if users act on the spoofed content.

Affected Systems

Google Chrome for iOS versions prior to 150.0.7871.47 are affected. The issue applies to all iOS devices running Chrome before that release.

Risk and Exploitability

The CVE has a medium severity rating. No EPSS score is available, so there is no published estimate of exploitation probability, and the CVE is not listed in CISA's KEV catalog. The likely attack vector is web-based: the attacker hosts a crafted page and lures a user into viewing it in an unpatched Chrome on iOS. If successful, the adversary can trick the user and potentially exfiltrate sensitive information or credentials.

Generated by OpenCVE AI on July 1, 2026 at 02:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Google Chrome for iOS to version 150.0.7871.47 or newer.
  • For organizations using Chrome Enterprise, enforce automatic updates and consider deploying the Chrome Update Policy to ensure timely patching.
  • Maintain vigilant awareness and user education about phishing sites, and block suspicious domains via device or network‑level controls.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:15:00 +0000

Type | Values Removed | Values Added
Title | | UI Spoofing via Crafted HTML Page in Google Chrome for iOS
Weaknesses | | CWE-79

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:20.370Z

Reserved: 2026-06-29T23:03:51.359Z

Link: CVE-2026-13916

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T03:00:12Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')