Description
Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an input validation flaw (CWE-20) that allows a remote attacker to manipulate user input in Chrome for iOS. By presenting a specially crafted HTML page and convincing a user to perform specific UI gestures, the attacker can bypass the browser’s navigation restrictions. This can enable the unintended loading of malicious sites or content, potentially leading to phishing or social engineering attacks.

Affected Systems

Affected vendor: Google. Product: Chrome for iOS. Versions prior to 150.0.7871.47 are susceptible. No other versions were listed as affected.

Risk and Exploitability

Exploitation requires remote delivery of a malicious page plus social engineering to persuade the user to perform a gesture, so active user interaction is a prerequisite. The EPSS metric is not available and the vulnerability is not listed in the CISA KEV catalog. Chromium rates the severity as Medium, which suggests a moderate risk if the user follows the attack instructions. The attack path is therefore feasible but dependent on user interaction, making patching and user awareness appropriate mitigations.

Generated by OpenCVE AI on July 1, 2026 at 01:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome for iOS to version 150.0.7871.47 or later
  • Ensure automatic updates are enabled on iOS devices so the browser patches are applied promptly
  • Warn users not to perform unfamiliar UI gestures after visiting an unexpected or suspicious website


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:00:00 +0000

Type | Values Removed | Values Added
Title | | Chrome for iOS Navigation Restriction Bypass via Crafted HTML and UI Gestures

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses | | CWE-20
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:20.737Z

Reserved: 2026-06-29T23:03:51.611Z

Link: CVE-2026-13917

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T01:45:06Z

Weaknesses
  • CWE-20: Improper Input Validation