Impact
The vulnerability is a use‑after‑free in the Ozone windowing backend of Google Chrome that exists in versions before 150.0.7871.115. A carefully constructed HTML page can trigger a heap corruption, which may ultimately allow an attacker to execute arbitrary code on the compromised machine. The weakness corresponds to CWE‑416 and is classified as Critical by Chromium’s security team.
Affected Systems
Google Chrome binaries released before version 150.0.7871.115 – that includes Chromium 149.x and earlier on all platforms that use the Ozone backend. Users of these browsers, especially on Linux systems that compile with Ozone, are impacted.
Risk and Exploitability
Although the security severity is Critical, no exploit is publicly documented and the EPSS score is < 1%. The problem is likely exploitable via a malicious website, so any user who opens a crafted page could be affected. The vulnerability is not listed in the CISA KEV catalog. Prompt patching mitigates the risk.
OpenCVE Enrichment