CVE Catalog

CVE-2026-13808

MediumCVSS 4.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. (Chromium security severity: High)

Risk Assessment

An attacker with physical access to the device could read sensitive data from the browser's memory, posing a risk of leaking credentials or other confidential information.

Recommendation

Immediately update Google Chrome on iOS to version 150.0.7871.47 or later and restrict physical access to devices running the browser.

Original NVD description (English source)

Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS