CVE-2026-13807
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
A use-after-free vulnerability was found in the Import feature of Google Chrome on iOS prior to version 150.0.7871.47. A remote attacker, by convincing a user to perform specific UI gestures, could execute arbitrary code via a malicious file.
Risk Assessment
The risk for the organization is remote code execution, potentially leading to device compromise, data theft, or lateral movement within the corporate network.
Recommendation
Immediately update Google Chrome on iOS to version 150.0.7871.47 or later, and educate users about the risks of opening files from untrusted sources.
Original NVD description (English source)
Use after free in Import in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. (Chromium security severity: High)

