Description
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Chrome for iOS prior to 150.0.7871.47 can lead to heap corruption when a remote attacker serves a crafted HTML page and convinces a user to perform specific UI gestures. The vulnerability, categorized as CWE‑416, enables the attacker to potentially execute arbitrary code or trigger application crashes. Chromium rates the severity as Low, yet the presence of heap corruption still poses a non‑negligible risk for affected users.

Affected Systems

The impacted product is Google Chrome for iOS, specifically all releases older than 150.0.7871.47. No additional vendor or product variants are listed.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting a low exploitation probability. The likely attack vector involves a malicious web page that convinces the user to perform certain UI gestures; this is inferred from the description, as explicit details are not provided. No public exploit references are known, and the absence of a KEV listing further implies limited real‑world exploitation to date.

Generated by OpenCVE AI on July 1, 2026 at 03:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome for iOS to version 150.0.7871.47 or later
  • If a recent update is not available, block or disable JavaScript on untrusted sites using built‑in content‑blocking features
  • Use a reputable third‑party content blocker or safe‑browsing extension to reduce exposure to malicious HTML content

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 04:15:00 +0000

Type | Values Removed | Values Added
Title | | Use‑After‑Free Leading to Heap Corruption via Malicious HTML in Chrome for iOS

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Weaknesses | | CWE-416
References | |

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:39:26.740Z

Reserved: 2026-06-29T23:11:41.952Z

Link: CVE-2026-14099

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T04:00:16Z

Weaknesses