Description
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A bug in Chrome for iOS before version 150.0.7871.47 allowed a remote attacker to trick a user into interacting with a webpage that visually mimicked legitimate application elements. The flaw arises from improper handling of UI rendering for crafted HTML, enabling the attacker to superimpose malicious controls or messages over genuine interface controls. This can lead to phishing or credential theft, because users may trust the deceptive UI and enter sensitive information.

Affected Systems

Google Chrome for iOS versions earlier than 150.0.7871.47 are affected. Any user running a vulnerable build of Chrome on iOS faces the risk when visiting a malicious web page.

Risk and Exploitability

The issue is a medium-severity vulnerability. It can be exploited remotely over the network by loading a malicious HTML page in the browser; there is no local configuration requirement and no privileged execution. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, which suggests it has not yet been widely exploited. Nonetheless, the attack vector is feasible and the impact on a vulnerable user can be significant, especially in phishing scenarios.

Generated by OpenCVE AI on July 1, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome for iOS to version 150.0.7871.47 or later.
  • Enable Chrome’s Safe Browsing feature to flag suspicious web content.
  • Educate users to verify UI authenticity and avoid entering credentials on unfamiliar pages.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:45:00 +0000

Type | Values Removed | Values Added
Title | | UI Spoofing via Crafted HTML Page in Chrome for iOS
Weaknesses | | CWE-79

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:38:43.913Z

Reserved: 2026-06-29T23:04:07.400Z

Link: CVE-2026-13980

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T04:30:06Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')