Impact
A use‑after‑free flaw in Chrome for iOS before version 150.0.7871.47 allows a remote attacker to trigger heap corruption by serving a specially crafted HTML page. The vulnerability is tied to CWE‑416 and is classified by Chromium as a medium‑severity issue, indicating that it could lead to loss of confidentiality, integrity, or availability if successfully exploited.
Affected Systems
All users running Google Chrome on iOS devices with a browser version earlier than 150.0.7871.47 are affected. The flaw exists in the rendering engine that processes HTML content, so any page that a user visits could potentially trigger it.
Risk and Exploitability
No EPSS score is available, so the current probability of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a remote attacker serving the malicious HTML from an external website that the victim’s device then renders. Because the flaw is a use‑after‑free, an attacker could potentially corrupt the heap and compromise the browser process, resulting in remote code execution or denial of service. The medium severity rating suggests that the impact is significant if exploited.