Description
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use after free vulnerability in Chrome for iOS allows a remote attacker to execute arbitrary code by serving a specially crafted HTML page. This flaw exploits a memory error where a freed object is accessed again, leading to the execution of attacker‑supplied code. Because the vulnerability is triggered by HTML content, a malicious web page or server can deliver the payload without any user interaction beyond browsing the page.

Affected Systems

The affected product is Google Chrome for iOS, versions earlier than 150.0.7871.47. Users running any pre‑150.0.7871.47 build are at risk.

Risk and Exploitability

The CVSS score indicates a low severity level, and the EPSS score is not available, so the overall exploitation probability is uncertain. The vulnerability is listed as not in CISA’s KEV catalog, suggesting that there are no confirmed active exploits in the wild; however, the attack vector relies on a crafted HTML page, so anyone who can deliver that page can potentially exploit the bug.

Generated by OpenCVE AI on July 1, 2026 at 01:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Google Chrome for iOS to version 150.0.7871.47 or newer to eliminate the use after free flaw
  • Use Chrome’s safe‑browsing features and avoid clicking unknown links or visiting suspicious websites
  • Stay informed of future security releases from Google and apply updates promptly

Generated by OpenCVE AI on July 1, 2026 at 01:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Title Use After Free in Chrome for iOS Enables Remote Code Execution via Crafted HTML

Tue, 30 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Weaknesses CWE-416
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:15.235Z

Reserved: 2026-06-29T23:11:35.466Z

Link: CVE-2026-14067

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T02:00:07Z

Weaknesses