CVE Catalog

CVE-2026-13807

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

20th percentile — higher than 20% of all known CVEs

Summary

A use-after-free vulnerability was found in the Import feature of Google Chrome on iOS prior to version 150.0.7871.47. A remote attacker, by convincing a user to perform specific UI gestures, could execute arbitrary code via a malicious file.

Risk Assessment

The risk for the organization is remote code execution, potentially leading to device compromise, data theft, or lateral movement within the corporate network.

Recommendation

Immediately update Google Chrome on iOS to version 150.0.7871.47 or later, and educate users about the risks of opening files from untrusted sources.

Original NVD description (English source)

Use after free in Import in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS