Skip to content
feed: live
>_ 0dayNews
CVE Record
[ HIGH ] CVE-2026-15765

Chrome Ozone use-after-free

Use-after-free in Chrome's Ozone platform-abstraction layer. A remote attacker who convinces a user to perform specific UI gestures could exploit heap corruption via a crafted HTML page. Fixed in Chrome 150.0.7871.125.

cat cve-2026-15765.json
Vendor
Google
Product
Chrome (pre-150.0.7871.125)
CVSS
7.5
EPSS (exploit probability)
N/A
Status
patched
Published

CVE-2026-15765 is a use-after-free in Chromium’s Ozone platform-abstraction layer. NVD describes it as “a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.” NVD scores it 7.5 (high); Chromium’s internal severity is marked Critical.

The fix ships in Chrome 150.0.7871.125 (Windows and macOS 150.0.7871.124 or .125 per Chrome release notes). Sibling bug on Linux: CVE-2026-15764.

Full coverage: Firefox exploit code public; Chrome, Adobe patch same day.