Chrome Ozone use-after-free on Linux
Use-after-free in the Ozone platform-abstraction layer on Chrome for Linux. A remote attacker who convinces a user to perform specific UI gestures could exploit heap corruption via a crafted HTML page. Fixed in Chrome 150.0.7871.125.
- Vendor
- Product
- Chrome for Linux (pre-150.0.7871.125)
- CVSS
- 7.5
- EPSS (exploit probability)
- N/A
- Status
- patched
- Published
CVE-2026-15764 is a use-after-free vulnerability in Ozone — Chromium’s platform-abstraction layer for window/graphics primitives — on Linux. Per NVD: “a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.” NVD scores it 7.5 (high); Chromium’s internal severity is marked Critical.
The fix ships in Chrome 150.0.7871.125 for Linux. Chrome auto-updates on relaunch — verify that managed installs actually restarted rather than assuming an “auto-update” checkbox is enough.
See CVE-2026-15765 for the sibling bug in the same release. Full coverage: Firefox exploit code public; Chrome, Adobe patch same day.
