Description
Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Published: 2026-06-30
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use-after-free flaw exists in the Ozone layer of Google Chrome, allowing a maliciously crafted HTML page to trigger unintended use of freed memory and execute arbitrary native code. The weakness is classified as CWE-416, and the Chromium security team rates it as critical. Successful exploitation can compromise the confidentiality, integrity, and availability of the system on which the browser runs, potentially enabling full system takeover.

Affected Systems

The vulnerability affects all installations of Google Chrome prior to version 150.0.7871.47 on desktop platforms. Users with earlier releases have an unpatched memory‑management flaw in the Ozone backend that can be exercised through a specially crafted HTML document.

Risk and Exploitability

The EPSS score is unavailable, so there is no quantified exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Attackers can deliver a crafted HTML page via any web-based or local channel; when Chrome renders the page, the use-after-free is triggered. Once triggered, native code runs with the privileges of the Chrome process, enabling arbitrary code execution without additional user interaction.

Generated by OpenCVE AI on July 1, 2026 at 03:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chrome to version 150.0.7871.47 or later
  • Ensure the browser’s auto‑update feature is enabled so security patches are received automatically
  • Use an up‑to‑date web‑filtering solution or browser extension that blocks malicious or suspicious web content to reduce the likelihood that a crafted page is rendered



Advisories

No advisories yet.

History

Wed, 01 Jul 2026 03:30:00 +0000

Type | Values Removed | Values Added
Title | | Use-After-Free in Chrome Ozone Enabling Remote Code Execution via Crafted HTML

Tue, 30 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
Description | | Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Weaknesses | | CWE-416
References


MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2026-06-30T22:37:32.366Z

Reserved: 2026-06-29T23:03:17.358Z

Link: CVE-2026-13786

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T03:15:15Z

Weaknesses