CVE Catalog

CVE-2026-14075

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

Insufficient policy enforcement in Chrome for iOS prior to version 150.0.7871.47 allowed a remote attacker to bypass the no-referrer policy via a crafted HTML page.

Risk Assessment

An attacker could exploit this vulnerability to leak referrer information, potentially compromising user privacy and enabling further social engineering attacks.

Recommendation

Immediately update Chrome on iOS to version 150.0.7871.47 or later to remediate the vulnerability.

Original NVD description (English source)

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. (Chromium security severity: Low)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS