CVE-2026-13854

Critical (CVSS 9.6)

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

A Use-After-Free vulnerability in the Ozone component of Google Chrome on Linux prior to version 150.0.7871.47 allows a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. The issue has a high Chromium security severity.

Risk Assessment

An attacker who has already compromised the renderer process can break out of the browser sandbox, gaining access to the underlying operating system and potentially taking full control of the host. This poses a serious risk to data confidentiality and integrity.

Recommendation

Immediately update Google Chrome on Linux systems to version 150.0.7871.47 or later. Implement automatic update mechanisms and restrict browser process privileges.

Original NVD description (English source)

Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vulnerability data from NVD (NIST) · CISA KEV · EPSS