CVE Catalog

CVE-2026-11628

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

1th percentile - higher than 1% of all known CVEs

Summary

Use after free in Ozone in Google Chrome prior to version 149.0.7827.103 allows a local attacker to potentially exploit heap corruption via physical access to the device.

Risk Assessment

An attacker with physical access to the device may exploit this vulnerability to gain control over the system, posing a serious security threat to the organization.

Recommendation

It is recommended to update Google Chrome to the latest version to mitigate this vulnerability and reduce risk.

Original NVD description (English source)

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: Critical)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS