CVE-2026-7361 Overview
A use after free vulnerability has been identified in the iOS implementation of Google Chrome prior to version 147.0.7727.138. This memory corruption flaw allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability has been classified as critical severity by the Chromium security team.
Critical Impact
Remote attackers can exploit this heap corruption vulnerability through specially crafted HTML pages, potentially leading to arbitrary code execution, data theft, or complete browser compromise on iOS devices.
Affected Products
- Google Chrome for iOS prior to version 147.0.7727.138
Discovery Timeline
- 2026-04-28 - CVE-2026-7361 published to NVD
- 2026-04-29 - Last updated in NVD database
Technical Details for CVE-2026-7361
Vulnerability Analysis
This vulnerability is classified as CWE-416 (Use After Free), a memory corruption vulnerability that occurs when a program continues to use memory after it has been freed. In the context of Google Chrome on iOS, this flaw exists within the browser's memory management routines when processing certain HTML content.
Use after free vulnerabilities are particularly dangerous because they can lead to heap corruption. When memory is freed but a pointer to that memory is still retained and subsequently dereferenced, an attacker can potentially manipulate the contents of that memory region before the dangling pointer is used. This can result in arbitrary code execution, information disclosure, or denial of service conditions.
The attack requires user interaction: the victim must navigate to a malicious web page containing the crafted HTML payload. Once triggered, the vulnerability could allow an attacker to execute arbitrary code within the context of the Chrome browser sandbox and potentially escape the sandbox to compromise the underlying iOS system.
Root Cause
The root cause of this vulnerability is improper memory lifecycle management in the iOS-specific code paths of Google Chrome. When certain HTML elements or JavaScript operations trigger specific memory allocation patterns, the browser incorrectly frees memory while retaining references to it. Subsequent operations that access this freed memory can lead to heap corruption, as the memory region may have been reallocated for different purposes.
Attack Vector
The attack vector for CVE-2026-7361 is network-based, requiring no privileges but necessitating user interaction. An attack would proceed as follows:
- The attacker crafts a malicious HTML page containing the specific elements or JavaScript code that triggers the use after free condition
- The attacker lures a victim to visit the malicious page (via phishing, malvertising, or compromised websites)
- The crafted page manipulates memory allocation and deallocation patterns to create the use after free condition
- The attacker leverages the heap corruption to gain code execution within the browser context
The vulnerability can be exploited entirely remotely without requiring any prior authentication or special privileges on the target system. For detailed technical information, refer to the Chromium Issue Tracker Entry.
Detection Methods for CVE-2026-7361
Indicators of Compromise
- Unusual Chrome browser crashes or instability on iOS devices, particularly when visiting unfamiliar websites
- Memory access violations or segmentation faults in Chrome crash logs referencing heap memory operations
- Unexpected network connections originating from Chrome to unknown external hosts following page visits
- Evidence of heap spray patterns in browser memory during forensic analysis
Detection Strategies
- Monitor for Chrome crash reports that indicate heap corruption or use after free memory access patterns
- Deploy network-based intrusion detection signatures to identify known exploitation patterns in HTTP/HTTPS traffic
- Utilize endpoint detection and response (EDR) solutions to monitor for anomalous browser behavior indicative of memory corruption exploitation
- Implement web content filtering to block access to known malicious domains serving exploit code
Monitoring Recommendations
- Enable Chrome crash reporting and regularly analyze crash dump data for signs of memory corruption attacks
- Monitor endpoint telemetry for unusual Chrome process behavior, including unexpected child processes or network activity
- Implement browser version auditing across your iOS fleet to identify devices running vulnerable Chrome versions
- Review web proxy logs for access patterns to newly registered or suspicious domains that may host exploit content
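The browser version audit recommended above can be scripted against an MDM inventory export. The following is an added example, not part of the original advisory or of any MDM product: the CSV column names and sample rows are constructed, while the bundle ID and fixed version are the ones given on this page.

```python
import csv
import io

FIXED_VERSION = "147.0.7727.138"      # first fixed release, from this advisory
BUNDLE_ID = "com.google.chrome.ios"   # bundle identifier used on this page

# Constructed sample MDM export; the column names are assumptions.
SAMPLE_INVENTORY = """\
device_id,bundle_id,version
ipad-001,com.google.chrome.ios,147.0.7727.138
iphone-002,com.google.chrome.ios,147.0.7727.99
iphone-003,com.google.chrome.ios,146.0.7700.200
iphone-004,com.google.chrome.ios,148.0.7800.12
ipad-005,com.google.chrome.ios,
iphone-006,com.apple.mobilesafari,18.4
iphone-007,com.google.chrome.ios,147.0.7727
"""


def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit(inventory_csv, fixed=FIXED_VERSION):
    """Classify each Chrome for iOS install as patched, vulnerable or unknown."""
    fixed_v = parse_version(fixed)
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["bundle_id"] != BUNDLE_ID:
            continue  # other apps are out of scope for this audit
        version = parse_version(row["version"] or "")
        if version is None:
            # Unparseable data is surfaced for follow-up, never assumed patched.
            result["unknown"].append(row["device_id"])
        elif version < fixed_v:
            # Tuple comparison is numeric per component (99 < 138);
            # comparing the raw strings would rank ".99" above ".138".
            result["vulnerable"].append(row["device_id"])
        else:
            result["patched"].append(row["device_id"])
    return result


if __name__ == "__main__":
    for status, devices in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(devices) or '-'}")
```

Devices in the unknown bucket have a missing or truncated version string and should be re-queried rather than counted as compliant.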
How to Mitigate CVE-2026-7361
Immediate Actions Required
- Update Google Chrome for iOS to version 147.0.7727.138 or later immediately on all managed devices
- Enable automatic updates for Chrome on iOS devices to ensure timely patching of future vulnerabilities
- Advise users to avoid clicking on links from untrusted sources until the update is applied
- Consider implementing web filtering solutions to block access to potentially malicious websites
Patch Information
Google has addressed this vulnerability in Chrome version 147.0.7727.138. The fix addresses the improper memory management that led to the use after free condition. Organizations should prioritize updating to this version or later.
For official patch details and release notes, see the Google Chrome Update Notice.
Workarounds
- If immediate patching is not possible, consider temporarily using an alternative browser on iOS devices until Chrome can be updated
- Implement strict web content filtering policies to reduce exposure to potentially malicious websites
- Enable Chrome's built-in Safe Browsing feature to provide additional protection against known malicious sites
- Educate users about the risks of visiting untrusted websites and clicking on suspicious links
```bash
# Verify Chrome version on iOS via MDM
# Check that installed version is >= 147.0.7727.138
# Example MDM query command (implementation varies by MDM solution)
mdm query --app "com.google.chrome.ios" --field version
```
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


