CVE-2026-2321
Published: 11 February 2026
Description
Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Mitigating Controls (NIST 800-53 r5) (AI)
Requires timely identification, reporting, and correction of the use-after-free flaw in Chrome's Ozone component to eliminate the heap corruption vulnerability.
Implements memory protection safeguards such as ASLR and DEP to directly prevent exploitation of the use-after-free leading to heap corruption in Ozone.
Enforces process isolation through Chrome's sandboxing to contain the impact of Ozone use-after-free vulnerabilities and prevent system-wide compromise.
Security Summary (AI)
CVE-2026-2321 is a use-after-free vulnerability (CWE-416) in the Ozone component of Google Chrome prior to version 145.0.7632.45. Published on 2026-02-11, it enables potential heap corruption when a user processes a crafted HTML page, with Chromium assigning it a Medium security severity.
A remote attacker with no privileges can exploit this vulnerability over the network with low complexity by convincing a targeted user to engage in specific UI gestures on a malicious webpage. Successful exploitation could result in high confidentiality, integrity, and availability impacts, as indicated by its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
The Chrome stable channel release notes and the associated Chromium issue describe the patch, which shipped in version 145.0.7632.45; affected systems should be updated immediately.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Use-after-free vulnerability in Chrome's Ozone component exploited via crafted HTML page requiring user UI gestures, directly mapping to Exploitation for Client Execution (T1203).