Google has released a new update for its Chrome browser, addressing 27 security vulnerabilities, including two critical flaws that could allow remote code execution (RCE) on affected systems. The update is now rolling out globally, bringing Chrome to version 150.0.7871.114/.115 on Windows and macOS, and 150.0.7871.114 on Linux.
The most severe issues addressed in this release are tracked as CVE-2026-15112 and CVE-2026-15129, both categorized as critical use-after-free vulnerabilities. The first flaw resides in Chrome’s Ozone platform abstraction layer, while the second affects the Views UI framework. Use-after-free vulnerabilities occur when memory is accessed after it has been freed, often leading to memory corruption that attackers can exploit to execute arbitrary code. In real-world scenarios, successful exploitation could allow a remote attacker to compromise a victim’s system simply by luring them to a malicious webpage.
Alongside these critical bugs, Google patched numerous high-severity vulnerabilities across multiple Chrome components. These include memory-safety issues, such as use-after-free flaws in Autofill, WebRTC, Core, Input, Payments, and Forms, as well as uninitialized memory usage in V8 and ANGLE.
Details of the Vulnerabilities
Several vulnerabilities also stem from insufficient validation of untrusted input in components such as WebAppInstalls and Codecs, which could be exploited to trigger unexpected behavior or bypass security controls. Notably, CVE-2026-15132 highlights an uninitialized use vulnerability in the V8 JavaScript engine, a critical component responsible for executing web scripts. Attackers often target V8 due to its complexity and direct exposure to web content, making such flaws particularly valuable in exploit chains.
Another issue, CVE-2026-15108, involves an integer overflow in the Extensions API, which could allow malicious extensions or crafted inputs to compromise browser integrity. Google also addressed multiple issues with logic and policy enforcement, including flaws in password management, navigation handling, and DOM validation. These weaknesses may not directly lead to code execution but can still be abused to weaken browser security boundaries or facilitate further exploitation.
As with most Chrome releases, technical details for many vulnerabilities remain restricted to prevent active exploitation before users have applied the update.
Given the critical nature of some of these vulnerabilities, it’s imperative for users to update their Chrome browsers promptly. Regular updates are essential to maintain security and protect against potential exploits that could compromise personal data and system integrity.