Google Chrome Use-After-Free Vulnerability in Internals on iOS

Vulnerability

A use-after-free vulnerability has been identified in Google Chrome on iOS, affecting versions prior to 127.0.6533.88. A remote attacker who convinces a user to perform specific UI gestures can exploit the resulting heap corruption. The issue arises in the NetExportMessageHandler component, where improper handling of asynchronous tasks can lead to memory corruption.

Impact

Triggering this vulnerability causes a heap use-after-free condition. The resulting memory corruption could be exploited to execute arbitrary code.

Reproduction

To reproduce this vulnerability, navigate to the 'chrome://net-export' page, click the 'send email' option, and immediately close the page. Closing the page interrupts the handling of the email export process and triggers the use-after-free condition, causing heap memory corruption that can be exploited.
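The lifetime pattern behind this class of bug, shown as an added illustration that is not Chrome's code: a page-scoped handler posts an asynchronous task and is destroyed before the task runs. `ExportHandler`, `TaskQueue`, `RunScenario` and the weak-reference guard are hypothetical stand-ins, and the unguarded path records the stale access instead of performing it.

```cpp
#include <functional>
#include <memory>
#include <queue>
#include <utility>
// Constructed single-threaded queue standing in for an asynchronous task runner.
struct TaskQueue {
    std::queue<std::function<void()>> tasks;
    void Post(std::function<void()> t) { tasks.push(std::move(t)); }
    void RunAll() { while (!tasks.empty()) { auto t = std::move(tasks.front()); tasks.pop(); t(); } }
};
struct Outcome { int delivered = 0, stale = 0, dropped = 0; };
// Hypothetical page-scoped handler (an assumption for this example, not Chrome's class).
class ExportHandler : public std::enable_shared_from_this<ExportHandler> {
public:
    ExportHandler(TaskQueue& q, Outcome& o) : queue_(q), out_(o) {}
    ~ExportHandler() { *alive_ = false; }
    // Unguarded: the task keeps a raw pointer that can outlive the handler.
    void SendEmailUnguarded() {
        ExportHandler* self = this;
        auto alive = alive_;  // instrumentation for this demo only
        Outcome* out = &out_;
        queue_.Post([self, alive, out] {
            // Real unguarded code would call self->OnFileReady() here unconditionally.
            if (*alive) self->OnFileReady(); else ++out->stale;
        });
    }
    // Guarded: the task holds a weak reference and checks it before use.
    void SendEmailGuarded() {
        std::weak_ptr<ExportHandler> weak = shared_from_this();
        Outcome* out = &out_;
        queue_.Post([weak, out] {
            if (auto self = weak.lock()) self->OnFileReady(); else ++out->dropped;
        });
    }
private:
    void OnFileReady() { ++out_.delivered; }
    TaskQueue& queue_;
    Outcome& out_;
    std::shared_ptr<bool> alive_ = std::make_shared<bool>(true);
};
// Start the export, optionally close the page (destroy the handler), then run the task.
Outcome RunScenario(bool guarded, bool close_page_first) {
    TaskQueue q;
    Outcome out;
    auto handler = std::make_shared<ExportHandler>(q, out);
    if (guarded) handler->SendEmailGuarded(); else handler->SendEmailUnguarded();
    if (close_page_first) handler.reset();
    q.RunAll();
    return out;
}
```

A nonzero `stale` count marks the point where an unguarded callback would touch freed memory; with the guard, the same sequence ends in `dropped` instead.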

Remediation

Users should update to Google Chrome version 127.0.6533.88 or later, where this vulnerability has been fixed.

Added: Nov 14, 2025, 3:21 AM
Updated: Nov 14, 2025, 3:21 AM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.