CVE-2026-9950

Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVE-2026-9950

Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

PT-2026-44663

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 148.0.7778.216 Description An inappropriate implementation in the iOS version of the browser allows a remote attacker to leak cross-origin data, which is information from a different origin than the one...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability, which was caused by improper implementations in iOS. This vulnerability could allow remote attackers to induce users to perform certain UI gestures, thereb...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. In versions of Google Chrome on iOS prior to 148.0.7778.216, there was a security vulnerability. This vulnerability stemmed from improper implementation in iOS, which could allow remote attackers to leak cross-source data through specially...

PT-2026-43074

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 151.1 Description Firefox for iOS incorrectly displayed specially crafted right-to-left RTL and internationalized domain names IDNs within link preview UI surfaces. A crafted RTL hostname could visually reorde...

ios-imessage-zero-click-exploit

CVE-2025-31200/31201 - iOS Zero-Click iMessage Exploit Chai...

PT-2026-42598

Summary The fileID field from Manifest.db a SQLite database inside iOS backups, generated by the device is used directly in filesystem path construction without validation. This affects two commands through a shared code path: - mvt-ios decrypt-backup decrypt.py: file id is used to construct both...

MAL-2026-4200 Malicious code in art-template (npm)

Versions 4.13.3, 4.13.5, and 4.13.6 of art-template were published after an npm account takeover and ship a tampered browser bundle lib/template-web.js that loads remote attacker-controlled JavaScript. The final payload is the Coruna iOS exploit kit, which targets Safari on iPhone and iPad and...

Astra Linux - уязвимость в webkit2gtk

A logic issue has been addressed through improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4, and iPadOS 14.4. A remote attacker may be able to execute arbitrary code. Apple is aware of a report indicating...

Astra Linux - уязвимость в chromium

Inappropriate implementations of navigation functions in Google Chrome on iOS before version 90.0.4430.72 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux - уязвимость в chromium

Insufficient policy enforcement in the iOS Security UI of Google Chrome prior to version 121.0.6167.85 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в webkit2gtk

A port redirection issue has been resolved with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4, and iPadOS 14.4, as well as Safari 14.0.3. A malicious website may be able t...

SUSE CVE-2026-8706

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

CVE-2026-8706

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

EUVD-2026-30943

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

CVE-2026-8706 Sensitive user data could be leaked to other applications through Reader mode

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

CVE-2026-8706

Summary: CVE-2026-8706 affects Firefox for iOS Reader mode when it runs its own unauthenticated local web server. The issue allows another app on the same device to request arbitrary URLs and receive the response rendered using the signed-in user’s cookies. Affected component: Firefox for iOS Rea...

Exploit for Type Confusion in Apple Safari

CVE-2024-23222 — WebKit Type Confusion → iOS 16.4.1 Sandbox Es...

Security Vulnerabilities fixed in Firefox for iOS 151.0 — Mozilla

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies...