Impact
A use‑after‑free flaw in Chrome for iOS prior to 150.0.7871.47 can lead to heap corruption when a remote attacker serves a crafted HTML page that causes a user to perform specific UI gestures. The vulnerability, categorized as CWE‑416, enables the attacker to potentially execute arbitrary code or trigger application crashes. Chromium indicates the severity as low, yet the presence of heap corruption still poses a non‑negligible risk for affected users.
Affected Systems
The impacted product is Google Chrome for iOS, specifically all releases older than 150.0.7871.47. No additional vendor or product variants are listed.
Risk and Exploitability
The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting a low exploitation probability. The likely attack vector involves a malicious web page that forces the user to perform certain UI gestures; this is inferred from the description, as explicit details are not provided. No public exploit references are known, and the absence of a KEV listing further implies limited real‑world exploitation to date.
OpenCVE Enrichment