Chrome 151 Update Fixes 382 Vulnerabilities, Including 15 Critical

Google has released Chrome 151, a significant update addressing 382 security vulnerabilities across its browser platform. This comprehensive patch includes fixes for 15 critical flaws that, if exploited, could allow attackers to execute arbitrary code or gain full control over affected systems.

The update is being rolled out to users on Windows, macOS, Linux, and iOS platforms. Given the severity of the vulnerabilities addressed, users are strongly encouraged to update their browsers promptly to mitigate potential security risks.

Critical Vulnerabilities Patched

Among the critical issues resolved are several “use-after-free” vulnerabilities found in key components such as Extensions, GPU, WebUSB, Browser, Views, Bluetooth, Chromoting, and Ozone. These memory corruption flaws can be exploited to execute arbitrary code when users interact with maliciously crafted web content.

Additionally, the update addresses type confusion and insufficient validation vulnerabilities in rendering and graphics subsystems, including Dawn, ANGLE, and Skia, as well as in iOSWeb’s input handling. Exploiting these flaws could enable attackers to bypass security sandboxes, corrupt memory, or hijack control flow, increasing the risk of system compromise.

High and Medium Severity Fixes

Beyond the critical patches, Chrome 151 includes numerous high-severity fixes targeting components such as Chromecast, QUIC, Updater, SVG, Chrome for iOS, Safe Browsing, Accessibility, Canvas, File Input, and enterprise-focused features. These vulnerabilities encompass use-after-free, heap buffer overflow, integer overflow, and insufficient policy enforcement issues that could lead to information disclosure, privilege escalation, or sandbox escapes.

The update also addresses hundreds of medium-severity flaws affecting Web Authentication, WebHID, WebXR, DevTools, Autofill, Passwords, PDF, Codecs, Fonts, and various UI components. While individually less impactful, these vulnerabilities collectively expand Chrome’s attack surface and could be chained with other issues to improve exploit reliability or bypass security measures.

Low Severity Fixes and Internal Discoveries

Chrome 151 includes dozens of low-severity fixes focusing on incorrect security UI, policy bypasses, and insufficient validation in components such as SplitView, WebXR, Network, WebNN, Chrome for iOS, TabStrip, Storage, GamepadAPI, History Embeddings, and newer AI- and machine learning-based features. Many of these vulnerabilities were identified internally by Google’s security teams using advanced memory safety tools like AddressSanitizer, MemorySanitizer, and UndefinedBehaviorSanitizer, as well as fuzzing frameworks.

Google’s proactive approach to identifying and patching vulnerabilities underscores the importance of regular software updates. Users are advised to ensure their browsers are up to date to benefit from the latest security enhancements and protect against potential exploits.