Chrome 150 Patches Two Critical Use-After-Free Flaws in Ozone, Views

Google released Chrome 150.0.7871.114/.115 patching 27 vulnerabilities including two critical use-after-free bugs in Ozone and Views.
Table of Contents
    Add a header to begin generating the table of contents

    Google has released Chrome 150.0.7871.114/.115 for Windows and macOS and 150.0.7871.114 for Linux as a security point update within the Chrome 150 branch, patching 27 vulnerabilities across browser subsystems. Two of the patched flaws carry critical severity ratings: a use-after-free in Ozone, Chrome’s cross-platform display system abstraction, and a use-after-free in Views, Chrome’s UI toolkit responsible for rendering browser interface elements. No active exploitation has been confirmed for any of the 27 vulnerabilities at time of release.

    The Two Critical Use-After-Free Vulnerabilities in Chrome’s Ozone and Views Components

    The two critical-severity flaws both fall into the use-after-free class — a memory corruption vulnerability that occurs when code continues to access a memory region after that region has been freed. In browser environments, use-after-free vulnerabilities in subsystems that handle rendering or interface operations carry established exploit potential because they can corrupt browser state in ways that enable code execution if chained with a renderer compromise.

    Chrome’s Ozone component is the abstraction layer that mediates between Chrome’s rendering engine and the underlying display system on Linux and ChromeOS. Chrome’s Views component is the UI toolkit that renders the browser’s own interface elements — address bar, tabs, settings panels, and dialogs — as distinct from the web content displayed in the browser’s content area.

    Why Use-After-Free in Browser Display and UI Code Carries Elevated Exploit Potential

    Memory corruption in browser display and UI layers is attractive to exploit developers for a specific reason: these components interact directly with the browser’s most privileged memory contexts. A use-after-free in Ozone could affect how the browser’s display subsystem handles graphics state, while a use-after-free in Views could corrupt the browser interface’s own memory. When either class of vulnerability is combined with a separate renderer compromise — a vulnerability that gives an attacker code execution within the less-privileged renderer process — the use-after-free in a higher-privileged component can serve as the escalation step that breaks out of the renderer sandbox. Google’s critical severity rating for both vulnerabilities reflects this chaining potential.

    The exact CVE identifiers for the two critical flaws were not included in Google’s initial advisory for this update.

    Ten Additional High-Severity Use-After-Free Bugs in the Same Chrome 150 Point Release

    Beyond the two critical flaws, the Chrome 150.0.7871.114 update includes ten additional high-severity use-after-free vulnerabilities spanning multiple Chrome subsystems, along with medium-severity integer overflow, out-of-bounds read and write, and input validation bugs. The presence of ten high-severity use-after-free flaws alongside two critical ones in a single point release indicates a cluster of memory safety issues discovered through Google’s internal security programs rather than a set of targeted external disclosures.

    Google credited most of the 27 vulnerabilities to its internal security teams, including Project Zero and Chrome’s dedicated security team. Three externally-reported vulnerabilities collectively earned $3,000 in bug bounty rewards.

    How Google Released Chrome 150.0.7871.114 and Where Active Exploitation Stands

    Google distributed this update as a point release within the existing Chrome 150 stable channel — a security-focused release separate from the initial Chrome 150 branch launch and its associated major vulnerability batch. The update reaches users through Chrome’s automatic update mechanism, which checks for and installs available updates when the browser is restarted or when the update check triggers in the background.

    For organizations managing Chrome deployments through enterprise policies — including companies that pin Chrome versions or require internal testing before update deployment — this release requires prioritization due to the two critical-severity memory corruption entries. The absence of confirmed active exploitation at time of release provides a window for managed deployment, but the critical severity rating for the Ozone and Views flaws reflects Google’s assessment of their exploitability in a chained attack scenario rather than confirmed in-the-wild use.

    Chrome Patch Cadence Context: Over 1,000 Vulnerabilities Fixed Across June and July Releases

    The Chrome 150.0.7871.114 update is part of a June and July release cycle that has collectively resolved over 1,000 vulnerabilities across Chrome’s stable releases, reflecting an aggressive patch cadence driven by Chrome’s internal fuzzing programs and AI-assisted vulnerability discovery. For organizations managing Chrome fleet updates at scale, the volume and frequency of Chrome security releases in this period suggests treating Chrome patching as a continuous process rather than a periodic maintenance event, given the consistent discovery of critical and high-severity memory corruption issues across successive releases.

    Related Posts