Impact
A use-after-free flaw in Chrome’s Ozone platform on Linux creates a heap corruption vulnerability. When a crafted HTML page leads the user to perform specific user interface gestures in the browser, the corrupted heap can be leveraged to alter code execution flow. The description highlights the vulnerability’s potential for remote exploitation through user interaction, though it does not confirm code execution in every case.
Affected Systems
All Linux installations of Google Chrome prior to version 150.0.7871.47 are affected, because Ozone is used by these builds. The flaw is confined to the Chrome product and does not impact the operating system directly.
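One way to check hosts against the fixed version given above, as an added example that is not part of the original advisory: it parses `google-chrome --version` style strings and compares the four version components numerically, since a plain string comparison misorders values such as 99 and 150. The host names and version strings in the sample inventory are constructed.

```shell
#!/bin/sh
# Added example: flag Chrome builds older than the fixed version in this advisory.
FIXED_VERSION="150.0.7871.47"   # taken from the advisory text

# extract_version STRING: print the first four-part dotted version found in
# STRING (for instance the output of `google-chrome --version`), or nothing.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1 || true
}

# version_lt A B: succeed if A is strictly older than B, component by component.
version_lt() {
    a=$1; b=$2
    for i in 1 2 3 4; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        a=${a#*.}; b=${b#*.}
    done
    return 1   # equal versions are not older
}

# classify STRING: print vulnerable, patched, or unknown (no version found).
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Constructed sample inventory: host|version string as reported by the browser.
while IFS='|' read -r host ver; do
    printf '%-10s %-32s %s\n' "$host" "$ver" "$(classify "$ver")"
done <<'EOF'
build-01|Google Chrome 149.0.7800.12
desk-07|Google Chrome 150.0.7871.47
kiosk-3|Google Chrome 99.0.4844.84
lab-02|Google Chrome 150.0.7871.9
EOF
```

On a live host, `classify "$(google-chrome --version)"` gives the same verdict for the locally installed build.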
Risk and Exploitability
The CVE is rated Medium on Chromium’s internal severity scale, but no publicly available CVSS score is supplied and EPSS data is unavailable. The attacker must persuade a user to carry out certain UI actions, which limits attack breadth but still offers a pathway for heap corruption. CISA KEV lists the vulnerability as not yet exploited. The risk is moderate: the absence of an exploit in the wild reduces the immediate threat, yet the vulnerability is capable of enabling remote code execution if the conditions are met.
OpenCVE Enrichment