Critical Chrome Vulnerabilities Allow Remote Code Execution

Google has issued a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could enable attackers to execute arbitrary code on affected systems. Users are strongly advised to update their browsers immediately to mitigate potential risks.

The latest Chrome Stable channel has been updated to version 149.0.7827.155/.156 for Windows and macOS, and 149.0.7827.155 for Linux. This rollout is gradual and will reach users over the coming days and weeks. The release includes 33 security fixes, several of which are rated critical due to their potential for remote code execution (RCE).

Critical Vulnerabilities Patched

Among the patched issues, seven critical vulnerabilities stand out, primarily involving “use-after-free” memory corruption bugs. These flaws can allow attackers to manipulate memory and execute arbitrary code within the browser context. Key critical vulnerabilities include:

  • CVE-2026-12437: Use-after-free in WebShare.
  • CVE-2026-12438: Inappropriate implementation in WebView.
  • CVE-2026-12439 & CVE-2026-12440: Use-after-free in Digital Credentials.
  • CVE-2026-12441: Use-after-free in File Input.
  • CVE-2026-12442: Use-after-free in Passwords.
  • CVE-2026-12443: Use-after-free in Web Authentication.

Use-after-free vulnerabilities occur when memory is accessed after it has been released, potentially allowing attackers to corrupt memory structures and gain control of the execution flow. In a real-world scenario, a victim simply visiting a malicious webpage could trigger exploitation without additional interaction.

Additional High-Severity Vulnerabilities

In addition to critical flaws, Google patched numerous high-severity vulnerabilities across components such as WebRTC, Extensions, Safe Browsing, GPU, and File System Access. Notable vulnerabilities include:

  • CVE-2026-12447: Heap buffer overflow in WebRTC.
  • CVE-2026-12444: Out-of-bounds read in Chromoting.
  • CVE-2026-12445: Use-after-free in Extensions.
  • CVE-2026-12446: Insufficient data validation in Passwords.

These vulnerabilities could lead to data leaks, sandbox escapes, or further exploitation chains when combined with other bugs.

Update Recommendations

To protect against these vulnerabilities, users should update their Chrome browsers immediately by following these steps:

  1. Open Chrome and click the three-dot menu in the top-right corner.
  2. Navigate to Help > About Google Chrome.
  3. Allow Chrome to automatically check for and install the latest update.
  4. Restart the browser to complete the update process.

Enterprise administrators can enforce updates through group policies to ensure all users are protected promptly.
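
The check below is an added example, not part of the original article or any Google tooling. It compares inventoried Chrome versions against the fixed builds named above and flags hosts where the update is on disk but the browser has not yet been restarted (step 4). The inventory row format, host names and sample versions are constructed assumptions.

```python
import re

# Minimum patched Stable builds, taken from the article. Windows/macOS also
# ship .156, which compares as newer than .155.
FIXED_BUILD = {
    "windows": (149, 0, 7827, 155),
    "macos": (149, 0, 7827, 155),
    "linux": (149, 0, 7827, 155),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return a 4-int tuple from text like 'Google Chrome 149.0.7827.155', else None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, installed_text, running_text):
    """Classify one host as patched, restart-pending, vulnerable or unknown."""
    fixed = FIXED_BUILD.get(platform.lower())
    installed = parse_version(installed_text)
    running = parse_version(running_text)
    if fixed is None or installed is None or running is None:
        return "unknown"  # never report an unparseable host as safe
    if installed < fixed:  # integer tuples: .9 sorts below .155, unlike strings
        return "vulnerable"
    if running < fixed:
        return "restart-pending"  # update on disk, old build still in memory
    return "patched"


def audit(inventory):
    """Map host -> status for rows of (host, platform, installed, running)."""
    return {host: classify(plat, inst, run) for host, plat, inst, run in inventory}


# Constructed sample inventory; hosts and the row format are hypothetical.
SAMPLE = [
    ("ws-01", "windows", "149.0.7827.156", "149.0.7827.156"),
    ("ws-02", "windows", "149.0.7827.155", "149.0.7827.90"),
    ("mac-01", "macos", "Google Chrome 149.0.7827.9", "Google Chrome 149.0.7827.9"),
    ("lnx-01", "linux", "Google Chrome 150.0.1.0", "Google Chrome 150.0.1.0"),
    ("lnx-02", "linux", "not installed", ""),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" or "restart-pending" still need follow-up, since only a restarted browser is running the fixed build.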

Google has restricted detailed technical information for some bugs until the majority of users have installed the update. This practice helps prevent exploitation by malicious actors during the update rollout period.

Regularly updating browsers is crucial in maintaining security, as cybercriminals continually exploit vulnerabilities to compromise systems. Users should remain vigilant and ensure their software is up to date to protect against potential threats.