CVE-2026-10958: Use after free in Google Chrome
CVE-2026-10958 is a use-after-free vulnerability in Google Chrome for iOS versions prior to 149. 0. 7827. 53. This flaw allows a remote attacker to execute arbitrary code by convincing a user to perform specific UI gestures on a crafted HTML page. The vulnerability has a high severity rating with a CVSS score of 8. 8, indicating significant potential impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported at this time. The vendor has published an advisory linked to a stable channel update, suggesting a fix is available in version 149. 0.
AI Analysis
Technical Summary
This vulnerability is a use-after-free issue in Google Chrome on iOS platforms before version 149.0.7827.53. It enables remote code execution when a user interacts with a maliciously crafted HTML page using specific UI gestures. The vulnerability is rated high severity with a CVSS 3.1 score of 8.8, reflecting its network attack vector, low attack complexity, no privileges required, user interaction needed, and high impact on confidentiality, integrity, and availability. The vendor's advisory indicates that the issue is addressed in Chrome version 149.0.7827.53.
Potential Impact
Successful exploitation could allow a remote attacker to execute arbitrary code on the affected device, potentially leading to full compromise of the browser environment and access to sensitive information or control over browser functions. The vulnerability affects confidentiality, integrity, and availability of the system. No known active exploits have been reported.
Mitigation Recommendations
Users should update Google Chrome on iOS to version 149.0.7827.53 or later, as this version contains the fix for the vulnerability. The vendor advisory linked confirms the availability of a stable channel update addressing this issue. No additional mitigation steps are indicated by the vendor.
CVE-2026-10958: Use after free in Google Chrome
Description
CVE-2026-10958 is a use-after-free vulnerability in Google Chrome for iOS versions prior to 149. 0. 7827. 53. This flaw allows a remote attacker to execute arbitrary code by convincing a user to perform specific UI gestures on a crafted HTML page. The vulnerability has a high severity rating with a CVSS score of 8. 8, indicating significant potential impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported at this time. The vendor has published an advisory linked to a stable channel update, suggesting a fix is available in version 149. 0.
CVSS v3.1
Score 8.8high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability is a use-after-free issue in Google Chrome on iOS platforms before version 149.0.7827.53. It enables remote code execution when a user interacts with a maliciously crafted HTML page using specific UI gestures. The vulnerability is rated high severity with a CVSS 3.1 score of 8.8, reflecting its network attack vector, low attack complexity, no privileges required, user interaction needed, and high impact on confidentiality, integrity, and availability. The vendor's advisory indicates that the issue is addressed in Chrome version 149.0.7827.53.
Potential Impact
Successful exploitation could allow a remote attacker to execute arbitrary code on the affected device, potentially leading to full compromise of the browser environment and access to sensitive information or control over browser functions. The vulnerability affects confidentiality, integrity, and availability of the system. No known active exploits have been reported.
Mitigation Recommendations
Users should update Google Chrome on iOS to version 149.0.7827.53 or later, as this version contains the fix for the vulnerability. The vendor advisory linked confirms the availability of a stable channel update addressing this issue. No additional mitigation steps are indicated by the vendor.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Chrome
- Date Reserved
- 2026-06-04T17:06:15.717Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html","vendor":"Google"}]
Threat ID: 6a220805e29bf47b50dbacfe
Added to database: 6/4/2026, 11:19:33 PM
Last enriched: 6/5/2026, 2:48:31 AM
Last updated: 6/5/2026, 4:19:22 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.