CVE-2026-14067
Google · Chrome for iOS
A use-after-free vulnerability in Google Chrome for iOS may allow an attacker to trigger memory corruption and execute arbitrary code.
Executive summary
A high-severity use-after-free vulnerability in Google Chrome for iOS creates a potential vector for unauthorized code execution on mobile devices.
Vulnerability
This vulnerability involves a use-after-free error in the iOS-specific implementation of the Chrome browser. An unauthenticated attacker can exploit this by enticing a user to navigate to a malicious website.
Business impact
Exploitation of this flaw could allow an attacker to bypass iOS security sandboxing, leading to unauthorized access to browser data or broader system impact. With a CVSS score of 8.8, the risk to mobile workforces using personal or corporate-managed iOS devices is significant, necessitating urgent patching.
Remediation
Immediate Action: Update the Chrome for iOS application via the Apple App Store to version 150 or later.
Proactive Monitoring: Review mobile device management (MDM) logs for outdated application versions across the mobile fleet.
Compensating Controls: Implement mobile threat defense (MTD) solutions that can detect and block access to malicious domains known for hosting exploit kits.
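The version review described under Proactive Monitoring can be scripted against an app inventory export. The sketch below is an added example, not part of the advisory or of any MDM product: the CSV column names and the sample rows are constructed assumptions, and the only value taken from the advisory is the fixed version (150).

```python
import csv
import io

CHROME_IOS_BUNDLE_ID = "com.google.chrome.ios"
FIXED_MAJOR = 150  # advisory: update to version 150 or later

# Constructed sample export; column names are assumptions, not a real MDM schema.
SAMPLE_INVENTORY = """device_id,user,bundle_id,app_version
D-001,alice,com.google.chrome.ios,149.0.7790.85
D-002,bob,com.google.chrome.ios,150.0.7812.40
D-003,carol,com.apple.mobilesafari,18.4
D-004,dave,com.google.chrome.ios,
D-005,erin,com.google.chrome.ios,148.1.2
D-006,frank,com.google.chrome.ios,v151-beta
"""


def major_version(version):
    """Return the leading major number, or None if it cannot be parsed."""
    head = version.strip().split(".", 1)[0]
    return int(head) if head.isdecimal() else None


def audit_chrome_ios(csv_text, fixed_major=FIXED_MAJOR):
    """Classify each Chrome for iOS install as outdated, patched or unknown."""
    report = {"outdated": [], "patched": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("bundle_id") or "").strip().lower() != CHROME_IOS_BUNDLE_ID:
            continue  # other apps are out of scope for this advisory
        major = major_version(row.get("app_version") or "")
        if major is None:
            # Empty or unparseable versions need manual follow-up, not a pass.
            report["unknown"].append(row["device_id"])
        elif major < fixed_major:
            report["outdated"].append(row["device_id"])
        else:
            report["patched"].append(row["device_id"])
    return report


if __name__ == "__main__":
    for status, devices in audit_chrome_ios(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(devices) or '-'}")
```

Devices in the "unknown" bucket should be treated as unpatched until their inventory record is refreshed.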
Exploitation status
Public Exploit Available: false
Analyst recommendation
Mobile security is often overlooked; administrators should enforce application updates via MDM policies where possible. Users should be encouraged to enable automatic updates to ensure critical security patches for Chrome on iOS are applied without delay.