Description
Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: 4.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An incorrect security UI in Chrome for iOS allows a remote attacker who convinces a user to perform specific gestures to spoof the interface using a crafted HTML page. This can trick users into interacting with a false UI, potentially leading to phishing or unauthorized actions, and is classified as a UI spoofing weakness (CWE-1131).

Affected Systems

All users running Google Chrome on iOS versions prior to 150.0.7871.47 are affected. The vulnerability exists only in the Chrome for iOS stable channel before that release.

Risk and Exploitability

The reported severity is low and no EPSS data is available, indicating a low probability of exploitation. However, because the attack requires user interaction with a remotely hosted page and the attacker can persuade users to follow specific gestures, the exploit is feasible in social‑engineering scenarios. The vulnerability is not listed in CISA’s KEV catalog.

Generated by OpenCVE AI on July 1, 2026 at 02:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome on iOS to version 150.0.7871.47 or later.
  • Avoid clicking unknown or suspicious links in Chrome until an update is installed.
  • Maintain the latest stable release of Chrome and iOS to benefit from future security patches.


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Chrome for iOS UI Spoofing Vulnerability Allowing Crafted Page Attacks |
| Weaknesses | | CWE-1131, CWE-451 |
| Metrics | | cvssV3_1: {'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 30 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-07-01T01:57:16.257Z

Reserved: 2026-06-29T23:04:21.908Z

Link: CVE-2026-14028

Vulnrichment

Updated: 2026-07-01T01:52:33.365Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T02:15:07Z

Weaknesses
  • CWE-1131
  • CWE-451: User Interface (UI) Misrepresentation of Critical Information