Impact
A use-after-free vulnerability in Chrome for iOS allows a remote attacker to execute arbitrary code by serving a specially crafted HTML page. The flaw is a memory error in which a freed object is accessed again, leading to the execution of attacker-supplied code. Because the vulnerability is triggered by HTML content, a malicious web page or server can deliver the payload without any user interaction beyond browsing the page.
Affected Systems
The affected product is Google Chrome for iOS, versions earlier than 150.0.7871.47. Users running any pre‑150.0.7871.47 build are at risk.
Risk and Exploitability
The CVSS score indicates a low severity level, and the EPSS score is not available, so the overall exploitation probability is uncertain. The vulnerability is not listed in CISA’s KEV catalog, suggesting that there are no confirmed active exploits in the wild; however, the attack vector relies on a crafted HTML page, so anyone who can deliver that page can potentially exploit the bug.