CVE Catalog

CVE-2026-13850

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

Insufficient validation of untrusted input in Chrome for iOS prior to version 150.0.7871.47 allows a local attacker to execute arbitrary code inside a sandbox via a malicious file.

Risk Assessment

The risk involves local arbitrary code execution within the sandbox, potentially leading to data compromise or further privilege escalation on the device.

Recommendation

Immediately update Google Chrome on iOS to version 150.0.7871.47 or later.

Original NVD description (English source)

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS