Skip to main content

Google Chrome EUVD-2026-35228

| CVE-2026-11628 MEDIUM
Use After Free (CWE-416)
2026-06-09 chrome-cve-admin@google.com GHSA-3wm7-483h-66xg
Denial Of Service Use After Free Memory Corruption Google Red Hat Suse
Medium
Disputed · 6.8 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
6.6 HIGH
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 09, 2026 - 03:01 vuln.today
CVSS changed
Jun 09, 2026 - 02:22 NVD
6.8 (MEDIUM)
CVE Published
Jun 09, 2026 - 00:16 nvd
MEDIUM 6.8
CVE Published
Jun 09, 2026 - 00:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: Critical)

AnalysisAI

Heap corruption via use-after-free in Chrome's Ozone display subsystem (versions prior to 149.0.7827.103) enables a local attacker with physical device access to achieve high-impact compromise across confidentiality, integrity, and availability. The CVSS vector (AV:P/AC:L/PR:N/UI:N) confirms physical presence is the primary prerequisite, with no authentication or user interaction required once access is obtained. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain physical access to unattended device
Delivery
Open or interact with Chrome browser
Exploit
Trigger use-after-free condition in Ozone display layer
Execution
Corrupt heap memory region
Impact
Execute arbitrary code within Chrome process
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Physical access to the target device is the explicit and mandatory prerequisite, as confirmed by the CVSS attack vector AV:P. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 6.8 reflects a meaningful tension: impact subscores are all High (C:H/I:H/A:H), but the attack vector is Physical (AV:P), which dramatically constrains real-world exploitability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker gains physical access to an unattended device running a vulnerable version of Chrome (prior to 149.0.7827.103) - for example, a shared workstation or unattended laptop. By interacting with the Chrome browser and triggering a specific sequence of operations within the Ozone display layer, the attacker causes a freed memory region to be referenced, enabling heap corruption. …
Remediation The primary remediation is to update Google Chrome to version 149.0.7827.103 or later, which includes the vendor-released fix for this use-after-free in Ozone. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed

Share

EUVD-2026-35228 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy