CVE Catalog
CVE-2026-14075
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0.19%
9th percentile — higher than 9% of all known CVEs
Summary
Insufficient policy enforcement in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to bypass the no-referrer policy via a crafted HTML page.
Risk Assessment
An attacker could exploit this vulnerability to leak referrer information, potentially compromising user privacy and enabling further social engineering attacks.
Recommendation
Immediately update Chrome on iOS to version 150.0.7871.47 or later to remediate the vulnerability.
Original NVD description (English source)
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. (Chromium security severity: Low)

