Description
Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Published: 2026-05-28
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use-after-free (CWE-416) in Google Chrome for iOS. An attacker who gets a user to open a crafted HTML page and then perform specific UI gestures can cause the browser to access memory after it has been freed, and the Chromium description states that this allows arbitrary code execution. The CVSS vector rates the impact on confidentiality, integrity and availability as high (C:H/I:H/A:H) with unchanged scope, so the code execution is in the context of the Chrome app on the device; from there an attacker could read data the browser holds, tamper with browsing sessions, or attempt further compromise.
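To make the mechanism concrete, the following added example (not Chrome's code, and not a description of the actual Chrome component) models a gesture dispatcher that keeps a raw pointer to a view after the view has been destroyed, so a late gesture operates on freed memory. It uses a small instrumented object pool so the stale access is detected and counted instead of corrupting the real heap; the names View, GestureDispatcher, view_free and view_destroy are invented for illustration, and the fix shown (break the reference before freeing) is the generic pattern, not Chrome's actual patch.

```c
/* Added example: simulated use-after-free in a gesture-handler lifecycle.
 * The instrumented pool below never returns memory to the real heap; it
 * only marks blocks live or freed, so a stale pointer can be checked
 * deterministically rather than triggering undefined behaviour. */
#include <stdio.h>
#include <string.h>

#define MAX_OBJS 8

/* A "view" that a gesture callback operates on (names are hypothetical). */
typedef struct {
    char name[16];
    int  gesture_count;
} View;

static struct { View obj; int live; } g_pool[MAX_OBJS];
static int g_uaf_detected;   /* stale accesses caught by the checker */

static View *view_alloc(const char *name) {
    for (int i = 0; i < MAX_OBJS; i++) {
        if (!g_pool[i].live) {
            g_pool[i].live = 1;
            memset(&g_pool[i].obj, 0, sizeof(View));
            snprintf(g_pool[i].obj.name, sizeof g_pool[i].obj.name, "%s", name);
            return &g_pool[i].obj;
        }
    }
    return NULL;
}

/* Mark the block freed and poison it, as a hardened allocator would. */
static void view_free(View *v) {
    for (int i = 0; i < MAX_OBJS; i++) {
        if (&g_pool[i].obj == v) {
            g_pool[i].live = 0;
            memset(v, 0xDD, sizeof *v);
        }
    }
}

static int view_is_live(const View *v) {
    for (int i = 0; i < MAX_OBJS; i++)
        if (&g_pool[i].obj == v) return g_pool[i].live;
    return 0;
}

/* The dispatcher holds the registered handler target as a raw pointer.
 * In the vulnerable flow that pointer outlives the object it refers to. */
typedef struct { View *target; } GestureDispatcher;

static void dispatch_gesture(GestureDispatcher *d) {
    if (!d->target) return;               /* nothing registered: safe no-op */
    if (!view_is_live(d->target)) {       /* dangling pointer: this is the UAF */
        g_uaf_detected++;
        return;
    }
    d->target->gesture_count++;           /* normal handling on a live view */
}

/* Vulnerable flow: the view is destroyed (e.g. its tab closes) but the
 * registration is not removed, and a later user gesture hits freed memory. */
static int run_vulnerable_flow(void) {
    GestureDispatcher d = { .target = view_alloc("tab-strip") };
    int before = g_uaf_detected;
    dispatch_gesture(&d);     /* legitimate gesture while the view is live */
    view_free(d.target);      /* view freed, dispatcher still points at it */
    dispatch_gesture(&d);     /* late gesture: use after free */
    return g_uaf_detected - before;   /* 1 stale access reached */
}

/* Fixed flow: destruction unregisters the handler before freeing the view,
 * so the dispatcher can never observe a dangling target. */
static void view_destroy(GestureDispatcher *d) {
    View *v = d->target;
    d->target = NULL;         /* break the reference first ... */
    view_free(v);             /* ... then release the memory */
}

static int run_fixed_flow(void) {
    GestureDispatcher d = { .target = view_alloc("tab-strip") };
    int before = g_uaf_detected;
    dispatch_gesture(&d);
    view_destroy(&d);
    dispatch_gesture(&d);     /* late gesture is now a harmless no-op */
    return g_uaf_detected - before;   /* 0 */
}

int main(void) {
    printf("vulnerable flow: %d stale access(es)\n", run_vulnerable_flow());
    printf("fixed flow:      %d stale access(es)\n", run_fixed_flow());
    return 0;
}
```

The ordering in view_destroy is the whole point: clearing the registration before the free closes the window in which an input event can be delivered to a freed object, which is the shape of bug that a user's "specific UI gestures" can land in.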

Affected Systems

Google Chrome for iOS versions earlier than 148.0.7778.216 are affected; the associated CPEs are cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* and cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*. The advisory scopes the flaw to the iOS component of Chrome ("Use after free in iOS"); Chrome on other platforms is not listed as affected.

Risk and Exploitability

Chromium rates the severity High, and the CVSS 3.1 base score is 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H): reachable from the network with no privileges, but with high attack complexity and required user interaction. The EPSS probability is below 1%, the SSVC assessment records Exploitation: none and Automatable: no, and the vulnerability is not in the CISA KEV catalog. An attacker must lure a user to a malicious page and get them to perform the specific gestures, which lowers the likelihood of exploitation but still puts users who browse untrusted sites at risk; a successful exploit yields arbitrary code execution in the browser on the device.

Generated by OpenCVE AI on May 29, 2026 at 13:07 UTC.

Remediation

The Chrome advisory text gives 148.0.7778.216 as the first fixed version of Google Chrome for iOS; no separate workaround is listed.

OpenCVE Recommended Actions

  • Update Google Chrome for iOS to version 148.0.7778.216 or later (via the App Store or your MDM); this is the first version the advisory lists as fixed.
  • Until the update is installed, avoid opening untrusted or suspicious links in Chrome, since exploitation requires a crafted page plus the specific UI gestures.
  • If the update cannot be applied promptly on managed devices, consider restricting use of Chrome (for example, blocking or removing the app via MDM) and using another browser in the interim as a temporary measure.
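The first action above is a version-range check: a build is affected exactly when it is strictly below 148.0.7778.216. The following added example (not OpenCVE or Chrome tooling) implements that check over constructed MDM-style inventory lines, comparing dotted versions component by component as integers, because a plain string comparison would wrongly treat "148.0.7778.99" as newer than "148.0.7778.216". The inventory format, device names and the bundle identifier com.google.chrome.ios are assumptions for illustration.

```c
/* Added example: flag installed Chrome for iOS builds below the fixed version
 * named in the advisory. Not vendor code; the inventory format and bundle id
 * are assumptions. */
#include <stdio.h>
#include <string.h>

#define FIXED_VERSION "148.0.7778.216"   /* first fixed version per the CVE text */

/* Parse "a.b.c.d" into four integers; 1 on success, 0 on malformed input. */
static int parse_version(const char *s, int out[4]) {
    char tail;   /* any trailing character makes the parse fail */
    int n = sscanf(s, "%d.%d.%d.%d%c", &out[0], &out[1], &out[2], &out[3], &tail);
    return n == 4;
}

/* Numeric per-component compare: <0 if a<b, 0 if equal, >0 if a>b. */
static int compare_versions(const char *a, const char *b) {
    int va[4] = {0}, vb[4] = {0};
    parse_version(a, va);
    parse_version(b, vb);
    for (int i = 0; i < 4; i++)
        if (va[i] != vb[i]) return va[i] < vb[i] ? -1 : 1;
    return 0;
}

/* 1 if affected (strictly below the fix), 0 if fixed, -1 if unparseable. */
static int is_affected(const char *installed) {
    int v[4];
    if (!parse_version(installed, v)) return -1;
    return compare_versions(installed, FIXED_VERSION) < 0;
}

/* Inventory lines are "device,bundle_id,version". Returns the number of
 * Chrome installs that still need the update. */
static int count_affected(const char *inventory) {
    char buf[512];
    snprintf(buf, sizeof buf, "%s", inventory);   /* strtok needs a writable copy */
    int affected = 0;
    for (char *line = strtok(buf, "\n"); line; line = strtok(NULL, "\n")) {
        char dev[32], app[64], ver[32];
        if (sscanf(line, "%31[^,],%63[^,],%31s", dev, app, ver) != 3) continue;
        if (strcmp(app, "com.google.chrome.ios") != 0) continue;  /* bundle id assumed */
        if (is_affected(ver) == 1) {
            printf("%s needs update (%s < %s)\n", dev, ver, FIXED_VERSION);
            affected++;
        }
    }
    return affected;
}

/* Constructed sample inventory, not real data. */
static const char *SAMPLE_INVENTORY =
    "ipad-01,com.google.chrome.ios,148.0.7778.216\n"
    "iphone-02,com.google.chrome.ios,148.0.7778.99\n"
    "iphone-03,com.google.chrome.ios,147.0.7700.40\n"
    "iphone-04,com.apple.mobilesafari,26.0\n"
    "iphone-05,com.google.chrome.ios,149.0.7800.12\n";

int main(void) {
    printf("%d device(s) affected\n", count_affected(SAMPLE_INVENTORY));
    return 0;
}
```

On the sample data only iphone-02 and iphone-03 are reported; the build at exactly 148.0.7778.216 is fixed, because the advisory's "prior to" bound excludes that version.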

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:30:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Apple; Apple iphone Os
CPEs                                   cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
Vendors & Products                     Apple; Apple iphone Os

Fri, 29 May 2026 13:30:00 +0000

Type    Values Removed   Values Added
Title                    iOS Chrome Use-After-Free Allows Remote Code Execution via Crafted Web Page

Fri, 29 May 2026 11:30:00 +0000

Type      Values Removed   Values Added
Metrics                    cvssV3_1: score 7.5, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                           ssvc (version 2.0.3): Automatable: no, Exploitation: none, Technical Impact: total

Fri, 29 May 2026 01:00:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Google; Google chrome
Vendors & Products                     Google; Google chrome

Fri, 29 May 2026 00:30:00 +0000

Type    Values Removed   Values Added
Title                    iOS Chrome Use-After-Free Allows Remote Code Execution via Crafted Web Page

Thu, 28 May 2026 22:45:00 +0000

Type          Values Removed   Values Added
Description                    Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Weaknesses                     CWE-416
References

MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-05-29T10:59:51.183Z

Reserved: 2026-05-28T17:24:59.749Z

Link: CVE-2026-9956

Vulnrichment

Updated: 2026-05-29T10:27:52.601Z

NVD

Status: Analyzed

Published: 2026-05-28T23:16:53.797

Modified: 2026-05-29T16:20:09.000

Link: CVE-2026-9956

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T13:15:30Z

Weaknesses