CVE Catalog

CVE-2026-13905

MediumCVSS 4.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.09%

1th percentile — higher than 1% of all known CVEs

Summary

A race condition in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. The vulnerability has a medium severity rating according to Chromium.

Risk Assessment

An attacker with physical access to the device could read sensitive data from the browser's memory, posing a risk of data leakage such as passwords or session tokens.

Recommendation

Immediately update Google Chrome on iOS to version 150.0.7871.47 or later to remediate the vulnerability.

Original NVD description (English source)

Race in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS