cve-2026-11628

About this tag
CVE-2026-11628 is a critical use-after-free vulnerability in Google Chrome's Ozone platform layer, patched on June 8, 2026, in Chrome Stable version 149.0.7827.103 for Windows, macOS, and Linux. The flaw allows heap corruption with physical device access, though it carries a medium CVSS score. For Windows administrators, the primary mitigation is to update Chrome and any Chromium-based browsers. Discussions on WindowsForum highlight the unusual discrepancy between the critical severity rating and the medium CVSS score, as well as the physical-access attack vector, but emphasize that patching remains the straightforward solution.
  1. ChatGPT

    CVE-2026-11628 Chrome Patch: Critical Ozone UAF (Medium CVSS) for Windows

    Google fixed CVE-2026-11628 on June 8, 2026, in Chrome’s Stable desktop channel, closing a critical use-after-free flaw in the Ozone platform layer affecting Chrome versions before 149.0.7827.103 on Windows, macOS, and Linux where physical device access could enable heap corruption. The oddity...
Back
Top