Description
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Chrome for iOS before version 150.0.7871.47 allows a remote attacker to trigger heap corruption by serving a specially crafted HTML page. The vulnerability is tied to CWE‑416 and is classified by Chromium as a medium‑severity issue, indicating that it could lead to loss of confidentiality, integrity, or availability if successfully exploited.

Affected Systems

All users running Google Chrome on iOS devices with a browser version earlier than 150.0.7871.47 are affected. The flaw exists in the rendering engine that processes HTML content, so any page that a user visits could potentially trigger it.

Risk and Exploitability

The EPSS score is not available, so the current probability of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a remote attacker delivering the malicious HTML from an external website, which the victim’s device would render. Because the flaw is a use‑after‑free, an attacker could potentially corrupt the heap and compromise the browser process, resulting in remote code execution or denial of service. The Medium severity rating suggests that the impact is significant if exploited.

Generated by OpenCVE AI on July 1, 2026 at 01:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome on iOS to version 150.0.7871.47 or later; the official fix is included in that release.
  • Keep automatic updates enabled on the device so future security patches are applied promptly.
  • Monitor Google’s Chrome release blog and the Chromium issue tracker for additional updates or workarounds.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:00:00 +0000

Type | Values Removed | Values Added
Title | | Use‑after‑Free Vulnerability in Chrome iOS Enables Remote Heap Corruption

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:21.101Z

Reserved: 2026-06-29T23:03:51.849Z

Link: CVE-2026-13918

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T01:45:06Z

Weaknesses