CVE Catalog

CVE-2026-13908

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

Insufficient validation of untrusted input in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via malicious network traffic.

Risk Assessment

The risk involves potential bypass of navigation restrictions, which could lead to redirecting users to malicious sites or displaying harmful content without their consent.

Recommendation

It is recommended to immediately update Google Chrome on iOS to version 150.0.7871.47 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Insufficient validation of untrusted input in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via malicious network traffic. (Chromium security severity: Medium)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS