CVE Catalog

CVE-2026-10951

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

A use after free vulnerability in Autofill in Google Chrome on iOS prior to version 149.0.7827.53 can be exploited by a remote attacker. The attacker can convince a user to perform specific UI gestures, potentially leading to heap corruption via a crafted HTML page.

Risk Assessment

This vulnerability poses a risk to users who may be targeted by remote attacks, potentially leading to system compromise. The high severity level indicates serious implications for data security.

Recommendation

It is recommended to update Google Chrome on iOS to the latest version to mitigate this vulnerability. Users should also avoid interacting with suspicious websites.

Original NVD description (English source)

Use after free in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS