CVE-2026-13808
MediumCVSS 4.6Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. (Chromium security severity: High)
Risk Assessment
An attacker with physical access to the device could read sensitive data from the browser's memory, posing a risk of leaking credentials or other confidential information.
Recommendation
Immediately update Google Chrome on iOS to version 150.0.7871.47 or later and restrict physical access to devices running the browser.
Original NVD description (English source)
Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. (Chromium security severity: High)

