Platform: chrome
Component: google-chrome
Fixed in: 146.0.7680.71
CVE-2026-3930 describes an unsafe navigation vulnerability within Google Chrome on iOS. This flaw allows a remote attacker to bypass navigation restrictions through a specially crafted HTML page, potentially enabling unauthorized access or redirection. The vulnerability affects versions of Chrome on iOS prior to 146.0.7680.71, and a fix is available in version 146.0.7680.71.
The core impact of CVE-2026-3930 lies in the ability to circumvent Chrome's intended navigation safeguards. An attacker could embed malicious code within an HTML page that, when visited by a user, redirects them to a different website or application without their explicit consent. This could be used for phishing attacks, spreading malware, or gaining unauthorized access to sensitive data. The severity is classified as Medium, suggesting a moderate risk of exploitation given the need for a crafted HTML page and user interaction.
CVE-2026-3930 was publicly disclosed on 2026-03-11. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. Exploitation probability is considered low due to the requirement of a crafted HTML page and user interaction, but the potential for phishing campaigns leveraging this vulnerability should be considered.
Exploit Status
EPSS: 0.03% (7th percentile)
The primary mitigation for CVE-2026-3930 is to immediately update Google Chrome on iOS to version 146.0.7680.71 or later. Users should ensure automatic updates are enabled to receive future security patches promptly. While no immediate workarounds exist beyond the update, users should exercise caution when visiting unfamiliar websites or clicking on links from untrusted sources. After upgrade, confirm the version by navigating to chrome://version within Chrome.
Update Google Chrome on your iOS device to version 146.0.7680.71 or later. This will resolve the unsafe navigation vulnerability.
CVE-2026-3930 is a Medium severity vulnerability in Google Chrome on iOS that allows a crafted HTML page to bypass navigation restrictions, potentially leading to unauthorized access.
You are affected if you are using Google Chrome on iOS versions prior to 146.0.7680.71. Check your version by navigating to chrome://version.
Update Google Chrome on iOS to version 146.0.7680.71 or later. Ensure automatic updates are enabled for future security patches.
There are currently no confirmed reports of active exploitation, but the potential for phishing campaigns should be considered.
Refer to the official Google Security Blog for details: https://security.googleblog.com/