CVE Catalog

CVE-2026-13842

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

A vulnerability in Google Chrome on iOS prior to version 150.0.7871.47 allows a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page. The issue is due to inappropriate implementation in the Chrome for iOS component.

Risk Assessment

An attacker can display a fake URL to the user, facilitating phishing attacks and theft of login credentials or other sensitive information.

Recommendation

Immediately update Google Chrome on iOS to version 150.0.7871.47 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS