CVE Catalog

CVE-2026-13795

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

Insufficient policy enforcement in Chrome for iOS prior to 150.0.7871.47 allows a remote attacker to bypass navigation restrictions via a crafted HTML page. The vulnerability has a Chromium security severity of High.

Risk Assessment

An attacker could exploit this flaw to redirect users to malicious sites or bypass browser security controls, potentially leading to data theft or further compromise.

Recommendation

Immediately update Chrome on iOS to version 150.0.7871.47 or later, which includes the fix for this vulnerability.

Original NVD description (English source)

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS