Impact
An incorrect security UI in Chrome for iOS allows a remote attacker who convinces a user to perform specific gestures to spoof the interface using a crafted HTML page. This can trick users into interacting with a false UI, potentially leading to phishing or unauthorized actions, and is classified as a UI spoofing weakness (CWE-1131).
Affected Systems
All users running Google Chrome for iOS at a version prior to 150.0.7871.47 are affected. The vulnerability exists only in the Chrome for iOS stable channel before that release.
Risk and Exploitability
The reported severity is low and no EPSS data is available, indicating a low probability of exploitation. However, because the attack requires user interaction with a remotely hosted page and the attacker can persuade users to perform specific gestures, exploitation is feasible in social‑engineering scenarios. The vulnerability is not listed in CISA’s KEV catalog.