Impact
A bug in Chrome for iOS before version 150.0.7871.47 allowed a remote attacker to trick a user into interacting with a webpage that visually mimicked legitimate application elements. The flaw arises from an improper handling of UI rendering on crafted HTML, enabling the attacker to superimpose malicious controls or messages over genuine interface controls. This can lead to phishing or credential theft because users may trust the deceptive UI to enter sensitive information.
Affected Systems
Google Chrome for iOS versions earlier than 150.0.7871.47 are affected. Any user running a vulnerable build of Chrome on iOS faces the risk when visiting a malicious web page.
Risk and Exploitability
The issue is a medium severity vulnerability. The exploit can be performed remotely over the network by loading a malicious HTML page in the browser; there is no local configuration requirement and no privileged execution. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, which suggests it has not yet been exploited at large. Nonetheless, the attack vector is feasible and the impact on a vulnerable user can be significant, especially for phishing scenarios.
OpenCVE Enrichment