Impact
Chrome for iOS does not correctly validate untrusted input, which lets a crafted HTML page cause the browser to navigate to an arbitrary URL. The weakness is identified as CWE-20 (Improper Input Validation). The result is a navigation bypass that could be used to load malicious content. The description does not state a specific abuse case, but it can be inferred that an attacker might use this to direct users to phishing sites or other harmful destinations.
Affected Systems
Google Chrome for iOS versions prior to 150.0.7871.47 are affected. Users on those releases are vulnerable until they upgrade to the fixed version or later.
Risk and Exploitability
The vulnerability is rated low severity and is not listed in the CISA KEV catalog. EPSS data is not available, so there is no known exploitation probability. An attacker would need to serve a crafted HTML page to the target device, so the exploitation path is remote. Because any device that opens such a page is potentially affected, widespread impact is possible, although no public exploitation has been reported.
OpenCVE Enrichment