CVE-2026-14099

Google · Chrome for iOS

A use-after-free vulnerability in Google Chrome for iOS prior to version 150 may allow an attacker to trigger memory corruption on mobile devices.

Executive summary

A high-severity use-after-free vulnerability affecting Google Chrome for iOS could result in arbitrary code execution and device compromise.

Vulnerability

This vulnerability is a use-after-free condition within the iOS implementation of the Chrome browser. The flaw allows for potential memory corruption, which could be exploited by a remote attacker if a user navigates to a specially crafted malicious webpage.

Business impact

Successful exploitation on mobile devices can grant an attacker unauthorized access to sensitive user data stored within the browser or the device itself. With a CVSS score of 8.8, this vulnerability poses a severe threat to mobile security, particularly in environments where employees access corporate resources via mobile devices.

Remediation

Immediate Action: Update Google Chrome for iOS to version 150 or later via the Apple App Store.

Proactive Monitoring: Review mobile device management (MDM) logs for unusual browser activity or repeated application instability.

Compensating Controls: Encourage the use of managed browsers and VPNs to provide an additional layer of security for mobile traffic.
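
One way to verify the update step across a fleet, as an added example that is not part of the original advisory: the script below audits an MDM app-inventory export for Chrome for iOS installs below version 150. The CSV column names and sample rows are constructed assumptions, not any specific MDM's schema; `com.google.chrome.ios` is Chrome's iOS bundle identifier.

```python
import csv
import io

CHROME_IOS_BUNDLE_ID = "com.google.chrome.ios"  # Chrome's bundle identifier on iOS
FIXED_MAJOR = 150  # per the advisory: versions prior to 150 are affected

# Constructed sample export. Column names are assumptions for illustration.
SAMPLE_INVENTORY = """device_id,user,bundle_id,app_version
ipad-001,alice,com.google.chrome.ios,150.0.1234.5
iphone-002,bob,com.google.chrome.ios,149.0.9999.1
iphone-003,carol,com.apple.mobilesafari,18.2
iphone-004,dave,com.google.chrome.ios,
iphone-005,erin,com.google.chrome.ios,148.0.1.2
"""


def major_version(version):
    """Return the leading integer of a dotted version string, or None if unparseable."""
    head = version.strip().split(".", 1)[0]
    return int(head) if head.isascii() and head.isdigit() else None


def audit_inventory(csv_text):
    """Classify each Chrome for iOS install as patched, vulnerable, or unknown."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Skip apps other than Chrome for iOS.
        if (row.get("bundle_id") or "").strip().lower() != CHROME_IOS_BUNDLE_ID:
            continue
        major = major_version(row.get("app_version") or "")
        if major is None:
            bucket = "unknown"  # missing version data needs follow-up, not a pass
        elif major < FIXED_MAJOR:
            bucket = "vulnerable"
        else:
            bucket = "patched"
        result[bucket].append(row["device_id"])
    return result


if __name__ == "__main__":
    for status, devices in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(devices) or '-'}")
```

Devices reported as unknown have Chrome installed but no usable version string in the export and should be re-inventoried before being counted as remediated.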

Exploitation status

Public Exploit Available: false

Analyst recommendation

Mobile browsers are critical components of the modern security perimeter and must be maintained with the same urgency as desktop software. Administrators should enforce update policies across all mobile endpoints to ensure this high-severity vulnerability is remediated promptly.