Description
Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 2026-06-08
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw exists in the Ozone layer of Google Chrome on Linux prior to version 149.0.7827.103. A crafted HTML page can trigger lingering references to freed heap memory, leading to heap corruption that may culminate in arbitrary code execution or privilege escalation. This weakness is classified as CWE‑416 and has a high severity rating within Chromium’s security assessment.

Affected Systems

The vulnerability affects Google Chrome for Linux desktop builds that use the Ozone backend. Only installations earlier than 149.0.7827.103 are impacted; later releases contain the patch and are not affected.

Risk and Exploitability

Exploitability is not quantified by an EPSS score, but the absence of a score does not lower the potential threat. The flaw has a CVSS score of 8.8 and is not listed in CISA KEV, yet the attack vector is a remote attacker generating a malicious webpage that a user visits. Successful exploitation would corrupt the browser’s heap, potentially bypassing sandbox protections and allowing execution of attacker-supplied code while the user is logged in.

Generated by OpenCVE AI on June 9, 2026 at 12:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 149.0.7827.103 or newer on all Linux systems; the official update page https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html documents the fix.
  • Configure Chrome policy to enforce automatic updates and block untrusted web content until the update can be applied.
  • If an immediate update is infeasible, restrict user access to external websites or isolate browsing sessions through sandboxed profiles until the patched version is installed.

Generated by OpenCVE AI on June 9, 2026 at 12:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Title Use After Free in Chrome Ozone Leads to Potential Heap Corruption

Tue, 09 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Title Use After Free in Chrome Ozone Leads to Potential Heap Corruption

Tue, 09 Jun 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google chrome
Vendors & Products Google
Google chrome

Mon, 08 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Description Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Weaknesses CWE-416
References

Subscriptions

Google Chrome
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-09T10:24:23.808Z

Reserved: 2026-06-08T21:33:51.273Z

Link: CVE-2026-11681

cve-icon Vulnrichment

Updated: 2026-06-09T10:24:20.338Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T00:16:51.450

Modified: 2026-06-09T11:16:49.403

Link: CVE-2026-11681

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T13:00:05Z

Weaknesses