Impact
An inappropriate implementation in Chrome for iOS permits a remote attacker to perform UI spoofing through a specially crafted HTML page. The attack lets an adversary create deceptive user interfaces that can mislead users into believing they are interacting with a legitimate site or service, potentially facilitating phishing or credential theft. Because the vulnerability is client-side, it threatens user confidentiality, can erode trust in the browser's integrity, and may lead to broader compromise if users act on the spoofed content.
Affected Systems
Google Chrome for iOS versions prior to 150.0.7871.47 are affected. The issue applies to all iOS devices running Chrome before that release.
Risk and Exploitability
The CVE has a medium severity rating. There is no EPSS data, indicating a low publicly known exploitation probability, and the CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. The likely attack vector is web-based: the attacker hosts a crafted page and lures a user into viewing it in an unpatched Chrome on iOS. If successful, the adversary can deceive the user and potentially exfiltrate sensitive information or credentials.
OpenCVE Enrichment