You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-11628
About this tag
CVE-2026-11628 is a critical use-after-free vulnerability in Google Chrome's Ozone platform layer, patched on June 8, 2026, in Chrome Stable version 149.0.7827.103 for Windows, macOS, and Linux. The flaw allows heap corruption with physical device access, though it carries a medium CVSS score. For Windows administrators, the primary mitigation is to update Chrome and any Chromium-based browsers. Discussions on WindowsForum highlight the unusual discrepancy between the critical severity rating and the medium CVSS score, as well as the physical-access attack vector, but emphasize that patching remains the straightforward solution.
Google fixed CVE-2026-11628 on June 8, 2026, in Chrome’s Stable desktop channel, closing a critical use-after-free flaw in the Ozone platform layer affecting Chrome versions before 149.0.7827.103 on Windows, macOS, and Linux where physical device access could enable heap corruption. The oddity...