CVE-2026-13915

Google · Chrome for iOS

A use-after-free vulnerability in Google Chrome for iOS allows remote attackers to potentially exploit memory corruption.

Executive summary

A critical use-after-free vulnerability in Google Chrome for iOS poses a high risk of memory corruption, potentially leading to arbitrary code execution.

Vulnerability

This vulnerability is a use-after-free flaw residing in the memory management logic of Chrome for iOS. An unauthenticated remote attacker could leverage this to cause a crash or execute arbitrary code by enticing a user to interact with a specially crafted web page.

Business impact

The vulnerability carries a CVSS score of 8.8, reflecting its potential to compromise the integrity and availability of the affected mobile device. Successful exploitation could lead to unauthorized code execution, resulting in the theft of sensitive session tokens, personal data compromise, or full device takeover, posing a significant risk to organizational mobility security.

Remediation

Immediate Action: Update Google Chrome for iOS to version 150 or later via the Apple App Store.

Proactive Monitoring: Monitor device traffic for anomalous outbound connections to unknown domains that may indicate a post-exploitation callback.

Compensating Controls: Ensure that mobile device management (MDM) policies restrict the ability to install untrusted applications or profiles that might facilitate browser-based attacks.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the High severity of this memory corruption vulnerability, immediate action is required to secure mobile endpoints. Security administrators should prioritize the deployment of the latest browser updates to all managed iOS devices to mitigate the risk of remote exploitation.