PatchSiren cyber security CVE debrief
CVE-2026-10958 Google CVE debrief
CVE-2026-10958 is a high-severity vulnerability in Google Chrome for iOS prior to version 149.0.7827.53. This use-after-free vulnerability allows a remote attacker to execute arbitrary code on an affected device via a crafted HTML page when a user engages in specific UI gestures.
- Vendor
- Product: Chrome
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-06
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-06
Who should care
Users of Google Chrome on iOS prior to version 149.0.7827.53, as well as administrators and security teams responsible for managing and securing Chrome installations.
Technical summary
The vulnerability is caused by a use-after-free issue in Google Chrome for iOS. This occurs when the browser attempts to access memory that has already been freed, allowing an attacker to potentially execute arbitrary code.
Defensive priority
High
Recommended defensive actions
- Update Google Chrome for iOS to version 149.0.7827.53 or later.
- Ensure that users are aware of the risks associated with engaging in specific UI gestures on untrusted websites.
Evidence notes
The CVE-2026-10958 vulnerability has a CVSS score of 8.8 and is classified as High severity. It was published on 2026-06-04T23:16:58.787Z and modified on 2026-06-06T01:56:39.193Z.
Official resources
- CVE-2026-10958 CVE record (CVE.org)
- CVE-2026-10958 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: [email protected] - Permissions Required