Description
Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-06-04
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Ozone, the graphics stack in Google Chrome on Linux, can corrupt heap memory when an attacker crafts a specific HTML page and convinces a user to perform particular UI gestures. If the heap corruption succeeds, the attacker may obtain arbitrary code execution with the privileges of the Chrome process. The flaw is a critical security issue, classified as a use‑after‑free (CWE‑416).

Affected Systems

Google Chrome for Linux versions earlier than 149.0.7827.53 are affected. The vulnerability does not affect other operating systems.

Risk and Exploitability

No EPSS data is available, and the vulnerability is not listed in CISA’s KEV catalog. However, the CVSS score of 7.5 indicates a high risk if an attacker can convince a user to load a malicious page. The attack vector requires client‑side execution: the victim must view a crafted web page and perform a specific set of user interface gestures. With the described conditions, successful exploitation would allow an attacker to gain execution privileges on the user’s machine.

Generated by OpenCVE AI on June 5, 2026 at 05:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Chrome to version 149.0.7827.53 or newer
  • Enforce automatic Chrome updates through enterprise policy
  • Inform users to avoid interacting with untrusted or suspicious web pages

Generated by OpenCVE AI on June 5, 2026 at 05:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Heap Corruption in Chrome Ozone on Linux

Fri, 05 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Thu, 04 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Description Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-05T01:45:35.697Z

Reserved: 2026-06-04T17:05:59.148Z

Link: CVE-2026-10899

cve-icon Vulnrichment

Updated: 2026-06-05T01:45:31.947Z

cve-icon NVD

Status : Received

Published: 2026-06-04T23:16:51.597

Modified: 2026-06-05T02:16:52.847

Link: CVE-2026-10899

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T06:00:06Z

Weaknesses