CVE-2026-2321: Use after free in Ozone
Published Nov 18, 2025
·Updated
Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Credit
Google
Affected Software
5 affected components
Google Chrome<145.0.7632.45
All of the following
Google Chrome<145.0.7632.45
Any of the following
Apple macOS
Linux Linux kernel
Microsoft Windows
Event History
Feb 11, 2026
CVE Published
via MITRE·06:08 PM
Data Sourced
via MITRE·06:08 PM
DescriptionWeakness
Data Sourced
via NVD·07:15 PM
DescriptionSeverityWeaknessAffected Software
Feb 26, 2026
Data Sourced
12:00 AM
SeverityWeakness
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
1
What is the severity of CVE-2026-2321?
CVE-2026-2321 is classified with a medium security severity level.
2
How do I fix CVE-2026-2321?
To fix CVE-2026-2321, update Google Chrome to version 145.0.7632.45 or later.
3
What type of vulnerability is CVE-2026-2321?
CVE-2026-2321 is a use after free vulnerability in the Ozone component of Google Chrome.
4
What can an attacker do with CVE-2026-2321?
An attacker can potentially exploit heap corruption through a crafted HTML page by convincing a user to perform specific UI gestures.
5
Which versions of Google Chrome are affected by CVE-2026-2321?
Google Chrome versions prior to 145.0.7632.45 are affected by CVE-2026-2321.