CVE-2026-13842
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
A vulnerability in Google Chrome on iOS prior to version 150.0.7871.47 allows a remote attacker to spoof the Omnibox (URL bar) contents via a crafted HTML page. The issue is due to inappropriate implementation in the Chrome for iOS component.
Risk Assessment
An attacker can display a fake URL to the user, facilitating phishing attacks and theft of login credentials or other sensitive information.
Recommendation
Immediately update Google Chrome on iOS to version 150.0.7871.47 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

