Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Remote crafted page (AV:N), no privileges (PR:N) but mandatory user gestures (UI:R); UAF heap corruption in the browser process yields full C/I/A within an unchanged scope.
Primary rating from Vendor (google).
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
AnalysisAI
Use-after-free in Google Chrome's Ozone component on Linux prior to 150.0.7871.47 lets a remote attacker trigger heap corruption after luring a user to a crafted HTML page and inducing specific UI gestures. Rated CVSS 8.8 with high confidentiality, integrity and availability impact, it is patched in the stable channel but requires user interaction (UI:R). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a Linux build of Chrome older than 150.0.7871.47 rendering an attacker-crafted HTML page, AND the victim performing 'specific UI gestures' - per the description this user interaction is a hard prerequisite (reflected in CVSS UI:R), not incidental. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a crafted HTML page and social-engineers a Linux Chrome user into visiting it and performing particular UI interactions (the specific gestures the bug requires). Those gestures drive the Ozone code path that reuses freed heap memory, corrupting the heap and giving the attacker a memory-corruption primitive that could be developed toward code execution in the browser process. … |
| Remediation | Vendor-released patch: update Google Chrome on Linux to 150.0.7871.47 or later via the stable channel, then fully restart the browser to load the new binary; enterprise fleets should push the update through their managed Chrome/repository channel and verify the running version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory Chrome deployments on Linux systems and identify user populations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allVendor StatusVendor
SUSE
Severity: Important| Product | Status |
|---|---|
| SUSE Package Hub 15 SP7 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Package Hub 15 SP7 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40712
GHSA-2x2m-wp42-98x6