← Back to CVE feed
CVE-2026-13862
Description
Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys) in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NAffected Products
apple/iphone_os
google/chrome