CVE-2026-13915
Google · Chrome for iOS
A use-after-free vulnerability in Google Chrome for iOS allows remote attackers to potentially exploit memory corruption.
Executive summary
A critical use-after-free vulnerability in Google Chrome for iOS poses a high risk of memory corruption, potentially leading to arbitrary code execution.
Vulnerability
This vulnerability is a use-after-free flaw residing in the memory management logic of Chrome for iOS. An unauthenticated remote attacker could leverage this to cause a crash or execute arbitrary code by enticing a user to interact with a specially crafted web page.
Business impact
The vulnerability carries a CVSS score of 8.8, reflecting its potential to compromise the integrity and availability of the affected mobile device. Successful exploitation could lead to unauthorized code execution, resulting in the theft of sensitive session tokens, personal data compromise, or full device takeover, posing a significant risk to organizational mobility security.
Remediation
Immediate Action: Update Google Chrome for iOS to version 150 or later via the Apple App Store.
Proactive Monitoring: Monitor device traffic for anomalous outbound connections to unknown domains that may indicate a post-exploitation callback.
Compensating Controls: Ensure that mobile device management (MDM) policies restrict the ability to install untrusted applications or profiles that might facilitate browser-based attacks.
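To check the Immediate Action item across a managed fleet, the following added example (not part of the original advisory) audits an MDM installed-apps export for Chrome for iOS builds below the fixed version. The CSV column names and the sample rows are constructed, and it assumes "version 150 or later" means a major version of 150 or higher.

```python
import csv
import io

CHROME_IOS_BUNDLE_ID = "com.google.chrome.ios"  # Chrome's bundle identifier on iOS
FIXED_MAJOR = 150  # from the advisory: "version 150 or later"

# Constructed MDM installed-apps export; column names and versions are illustrative.
SAMPLE_INVENTORY = """\
device_id,bundle_id,short_version
iphone-001,com.google.chrome.ios,149.0.7000.10
iphone-002,com.google.chrome.ios,150.0.7100.5
ipad-003,com.google.chrome.ios,151.1.0.0
ipad-004,com.google.chrome.ios,
iphone-005,com.apple.mobilesafari,18.2
iphone-006,com.google.chrome.ios,99.0.1
"""


def major_version(version):
    """Return the leading numeric component, or None if it cannot be parsed."""
    head = version.strip().split(".", 1)[0]
    return int(head) if head.isascii() and head.isdigit() else None


def audit(inventory_csv):
    """Map each device with Chrome for iOS to 'patched', 'vulnerable' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if (row.get("bundle_id") or "").strip().lower() != CHROME_IOS_BUNDLE_ID:
            continue  # other apps are out of scope for this advisory
        major = major_version(row.get("short_version") or "")
        if major is None:
            # Missing or malformed version: needs manual follow-up, not a pass.
            status = "unknown"
        elif major >= FIXED_MAJOR:
            status = "patched"
        else:
            # Integer comparison, so 99.x is not mistaken for newer than 150.x.
            status = "vulnerable"
        results[row["device_id"]] = status
    return results


if __name__ == "__main__":
    for device, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{device}\t{status}")
```

Devices reported as unknown should be treated as unpatched until their version is confirmed.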
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the High severity of this memory corruption vulnerability, immediate action is required to secure mobile endpoints. Security administrators should prioritize the deployment of the latest browser updates to all managed iOS devices to mitigate the risk of remote exploitation.