CVE-2026-13908
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
Insufficient validation of untrusted input in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via malicious network traffic.
Risk Assessment
The risk involves potential bypass of navigation restrictions, which could lead to redirecting users to malicious sites or displaying harmful content without their consent.
Recommendation
It is recommended to immediately update Google Chrome on iOS to version 150.0.7871.47 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Insufficient validation of untrusted input in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via malicious network traffic. (Chromium security severity: Medium)

