Platform: chrome
Component: google-chrome
Fixed in: 146.0.7680.71
CVE-2026-3930 describes an unsafe navigation vulnerability discovered in Google Chrome for iOS. This flaw allows a remote attacker to bypass navigation restrictions by crafting a malicious HTML page. The vulnerability affects versions of Chrome on iOS prior to 146.0.7680.71. A fix has been released in version 146.0.7680.71.
An attacker could leverage this vulnerability to redirect users to unintended websites or content, potentially leading to phishing attacks or the spread of malware. The bypass of navigation restrictions means that security policies designed to control user access to specific websites could be circumvented. While the direct data exposure risk is limited, the redirection capability poses a significant threat, as users could be tricked into providing sensitive information on fake websites. The blast radius is broad, affecting any iOS user running a vulnerable version of Chrome.
This CVE was publicly disclosed on 2026-03-11. There are currently no publicly available proof-of-concept exploits. The Chromium security severity rating is Medium, suggesting a moderate probability of exploitation. It is not currently listed on the CISA KEV catalog.
Users of Google Chrome on iOS devices running versions prior to 146.0.7680.71 are at risk. This includes individuals who have not enabled automatic updates or are using older, unsupported devices. Shared iOS devices, such as those found in corporate or educational environments, are particularly vulnerable if users are not diligent about updating their applications.
• ios / mobile: Monitor Chrome's version number. Check for unusual redirects or pop-ups after visiting websites. Examine browser history for suspicious URLs.
# Check Chrome version (requires access to device)
# Note: this path is the macOS desktop app bundle; on iOS, open chrome://version in Chrome instead
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --version
Exploit status
EPSS: 0.03% (7th percentile)
The primary mitigation for CVE-2026-3930 is to upgrade to Google Chrome version 146.0.7680.71 or later. If immediate upgrading is not possible, consider implementing stricter content security policies (CSP) within your web applications to limit the domains from which scripts and resources can be loaded. While a WAF cannot directly prevent this type of navigation bypass, it can help detect and block suspicious redirects. Regularly review and update Chrome installations across your organization to prevent future exploitation.
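To review Chrome for iOS versions across an organization without touching each device, the following added example (not part of the original advisory or any vendor tooling) flags clients whose User-Agent reports a CriOS build below the fixed version 146.0.7680.71. The log line format, host names and sample version strings are constructed assumptions, and the check assumes the User-Agent carries the full four-part version.

```python
import re

FIXED = (146, 0, 7680, 71)  # fixed build stated in this advisory
# Chrome on iOS identifies itself with a CriOS/<version> User-Agent token.
CRIOS_RE = re.compile(r"\bCriOS/(\d+(?:\.\d+){0,3})\b")

def crios_version(user_agent):
    """Return the CriOS version as a 4-tuple of ints, or None if absent."""
    m = CRIOS_RE.search(user_agent)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(user_agent):
    """Return 'not-crios', 'vulnerable', 'patched' or 'unknown'."""
    v = crios_version(user_agent)
    if v is None:
        return "not-crios"
    # A reduced UA such as 146.0.0.0 hides the build number, so a client
    # on the fixed major version cannot be decided from the UA alone.
    if v[0] == FIXED[0] and v[1:] == (0, 0, 0):
        return "unknown"
    return "vulnerable" if v < FIXED else "patched"

def vulnerable_clients(log_lines):
    """Return [(client, version)] for UAs below the fixed build.
    Assumed (constructed) line format: <client> "<user-agent>"."""
    hits = []
    for line in log_lines:
        client, _, ua = line.partition(" ")
        if classify(ua) == "vulnerable":
            hits.append((client, ".".join(map(str, crios_version(ua)))))
    return hits

IOS = "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) "
# Constructed sample lines, not real traffic.
SAMPLE = [
    'ipad-lab-03 "' + IOS + 'CriOS/145.0.7632.108 Mobile/15E148 Safari/604.1"',
    'iphone-17 "' + IOS + 'CriOS/146.0.7680.71 Mobile/15E148 Safari/604.1"',
    'iphone-22 "' + IOS + 'CriOS/146.0.7680.70 Mobile/15E148 Safari/604.1"',
    'iphone-30 "' + IOS + 'CriOS/146.0.0.0 Mobile/15E148 Safari/604.1"',
    'mac-desk-01 "Mozilla/5.0 (Macintosh) Chrome/146.0.7680.65 Safari/537.36"',
]

if __name__ == "__main__":
    for client, version in vulnerable_clients(SAMPLE):
        print(f"{client}: CriOS {version} is below the fixed build")
```

Clients classified as unknown need a direct check of chrome://version on the device.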
Update Google Chrome on your iOS device to version 146.0.7680.71 or later. This fixes the unsafe navigation vulnerability.
CVE-2026-3930 is a Medium severity vulnerability in Google Chrome on iOS that allows a crafted HTML page to bypass navigation restrictions, potentially leading to unauthorized access.
You are affected if you are using Google Chrome on iOS versions prior to 146.0.7680.71. Check your version by navigating to chrome://version.
Update Google Chrome on iOS to version 146.0.7680.71 or later. Ensure automatic updates are enabled for future security patches.
There are currently no confirmed reports of active exploitation, but the potential for phishing campaigns should be considered.
Refer to the official Google Security Blog for details: https://security.googleblog.com/