CVE-2026-11272

Google · Chrome on iOS

Insufficient input validation in the Reading List feature of Google Chrome on iOS allows for privilege escalation via malicious UI gestures.

Executive summary

A high-severity privilege escalation vulnerability in Google Chrome on iOS allows a remote attacker to manipulate the browser through a crafted HTML page that induces the user to perform specific UI gestures.

Vulnerability

The vulnerability stems from insufficient validation of untrusted input within the Reading List feature. An unauthenticated remote attacker can leverage this by convincing a user to perform specific UI gestures on a crafted HTML page to escalate privileges.

Business impact

The CVSS score of 8.8 underscores the severity of this privilege escalation flaw. If exploited, an attacker could gain elevated control within the browser context on mobile devices, potentially leading to unauthorized access to sensitive user data or site credentials.

Remediation

Immediate Action: Update the Google Chrome application on all iOS devices to version 149.0.7827.53 or later via the App Store.

Proactive Monitoring: Monitor mobile device management (MDM) reports to ensure all managed iOS devices have successfully updated to the latest version.

Compensating Controls: Educate users on the risks of interacting with untrusted web content or suspicious UI prompts while browsing on mobile devices.
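The Proactive Monitoring step above amounts to comparing each managed device's installed Chrome build against the fixed build named in this advisory. The following is an added example, not part of the advisory or of any MDM vendor's tooling: it runs a version comparison over a constructed inventory export. The record field names, the device names and the use of the Chrome for iOS bundle identifier `com.google.chrome.ios` as the app key are assumptions; only the fixed version `149.0.7827.53` comes from the advisory. The example also shows why a plain string comparison is not good enough for dotted version numbers.

```python
"""Fleet check for CVE-2026-11272: flag managed iOS devices whose Chrome build
is below the fixed version. Added example; the inventory below is constructed."""

import re

# Fixed build stated in the advisory.
FIXED_VERSION = "149.0.7827.53"

# Assumed app key for Chrome on iOS (bundle identifier); adjust to your MDM's export.
CHROME_IOS_APP_ID = "com.google.chrome.ios"

# Constructed sample inventory; field names are assumptions, not a vendor schema.
SAMPLE_INVENTORY = [
    {"device": "ipad-finance-01", "app": CHROME_IOS_APP_ID, "version": "149.0.7827.53"},
    {"device": "iphone-sales-07", "app": CHROME_IOS_APP_ID, "version": "149.0.7827.9"},
    {"device": "iphone-exec-02",  "app": CHROME_IOS_APP_ID, "version": "148.0.7710.120"},
    {"device": "ipad-field-11",   "app": CHROME_IOS_APP_ID, "version": "150.0.7900.1"},
    {"device": "iphone-hr-03",    "app": "com.apple.mobilesafari", "version": "18.4"},
    {"device": "iphone-ops-05",   "app": CHROME_IOS_APP_ID, "version": "149.0.7827"},
]


def parse_version(text):
    """Turn '149.0.7827.53' into (149, 0, 7827, 53); return None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_fixed(version, fixed=FIXED_VERSION):
    """True when `version` is at or above the fixed build.

    Components are compared numerically, so '149.0.7827.9' correctly ranks
    below '149.0.7827.53' (a string comparison would rank it above, since
    '9' > '5'). Missing trailing components count as 0, so a truncated
    '149.0.7827' is treated as older than the fix. Unparseable strings are
    treated as not fixed so they surface for manual review.
    """
    parsed = parse_version(version)
    if parsed is None:
        return False
    reference = parse_version(fixed)
    width = max(len(parsed), len(reference))
    parsed += (0,) * (width - len(parsed))
    reference += (0,) * (width - len(reference))
    return parsed >= reference


def find_vulnerable(inventory, app_id=CHROME_IOS_APP_ID, fixed=FIXED_VERSION):
    """Return sorted device names still running a Chrome build below the fix.

    Records for other apps are ignored; only the Chrome entries are judged.
    """
    return sorted(
        record["device"]
        for record in inventory
        if record["app"] == app_id and not is_fixed(record["version"], fixed)
    )


if __name__ == "__main__":
    for device in find_vulnerable(SAMPLE_INVENTORY):
        print(f"needs update: {device}")
```

Run against a real export, the function returns the devices to chase; feeding it the constructed inventory above flags the two devices on older 149 and 148 builds plus the one with a truncated version string, while the device already on a 150 build passes.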

Exploitation status

Public Exploit Available: false

Analyst recommendation

Mobile devices are critical vectors for organizational data. IT administrators should enforce the update to version 149.0.7827.53 immediately to mitigate the risk of privilege escalation and protect against unauthorized browser-based activity on iOS platforms.