HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-13843Published Modified CNA Chrome

CVE-2026-13843: Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Metrics

CVSS v3.1
9.6
Severity
CRITICAL
Fixed in
150.0.7871.47
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

This is an insufficient input validation vulnerability in Google Chrome for iOS, affecting all versions prior to 150.0.7871.47. A remote attacker who has already compromised the Chrome renderer process can exploit this flaw over the network by luring a victim to a crafted HTML page, with no authentication required. Successful exploitation enables a sandbox escape, granting the attacker capabilities beyond the renderer's restricted environment, including full access to confidential data, the ability to tamper with data, and disruption of service. A patched-image rebuild at version 150.0.7871.47 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection of CVE-2026-13843 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication from upstream feeds, covering both third-party and custom-built images in customer registries and CI/CD pipelines.

Available
Triage

HarborGuard is capable of scoring this CVE at its full CVSS v3.1 rating of 9.6 (Critical) and weighting it against each customer organization's compliance policy to route actionable alerts to the appropriate team inbox.

Available
Patch

A patched-image rebuild pinned to Chrome for iOS version 150.0.7871.47 is available on HarborGuard for environments running an affected version. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the victim over the network, as the exploit is delivered via a remote crafted HTML page.

  • AuthenticationNot required

    No authentication or account credentials are needed; the attacker operates entirely as an unauthenticated remote party.

  • Victim interactionRequired

    The victim must navigate to or be redirected to a crafted HTML page, requiring at least minimal social engineering.

  • Attack complexityDetail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other environmental factors beyond a prior renderer compromise.

Blast Radius

  • A successful sandbox escape lets the attacker read arbitrary data stored in or accessible to the Chrome process on the device, including session tokens, cookies, and cached credentials.
  • The attacker gains the ability to write or modify data outside the renderer sandbox, including files and application state the compromised process would not normally touch.
  • The attacker can crash or destabilize the browser and any dependent services on the affected iOS device, causing denial of service.
  • Because the CVSS scope is changed (S:C), impact extends beyond the Chrome sandbox itself to other components on the host system.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-13843 is active across all connected registries and pipelines, matched against any image shipping a vulnerable version of Chrome for iOS below 150.0.7871.47. A patched-image rebuild at the fixed version is available immediately. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test, and opens a pull request against affected workloads; for high and critical severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, triage findings are routed to the designated team inbox with full CVSS context and policy weighting attached.

See how HarborGuard automates this

Fix available

150.0.7871.47
Affected packages
  • Google / Chrome
    < 150.0.7871.47 (from 150.0.7871.47)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H