Google Chrome 149: New Update Fixes 429 Security Flaws, 22 Critical


The impact on Google Chrome’s security from advances in AI continues to be felt, and the latest browser update reveals just how hard the AI vulnerability detection shockwave is hitting. The latest update, which takes Chrome to version 149.0.7827.53/54, includes fixes for at least 429 security vulnerabilities, of which 22 have a Common Vulnerabilities and Exposures severity rating of critical. While some of these were found and disclosed by external security researchers, or bug bounty hunters if you prefer, the overwhelming majority are credited to Google itself. There can be little doubt that Google’s internal security AI tooling is uncovering previously hidden security issues at some pace.

The good news is that these security vulnerabilities have all been fixed with the release of Chrome 149.0.7827.53/54 on the Linux, Mac and Windows platforms, and none are known to have been used by attackers, so-called zero-day exploits, before the update disclosure.

The Chrome update will be heading your way soon, but you can manually force the update to be on the safe side, and I’ll explain how in a moment.


Google Chrome Fixes 22 Critical Security Vulnerabilities, $209,000 In Bounties Awarded To Researchers


Security researchers continue to do good work uncovering hidden vulnerabilities within the Chrome codebase, and some will use AI to assist their discoveries. They will also, however, use their experience and technical skills to provide proofs of concept for these discoveries. That such bug bounty prowess is not dead yet is evident in the fact that these human hackers received a staggering $209,000 in reward payments for the issues disclosed in the latest update. The largest of these, $97,000, went to an anonymous researcher for a critical-rated out-of-bounds read and write vulnerability in Chrome’s ANGLE component. This was followed by a payment of $43,000 to, and yes, that is the credited hacker identity, c6eed09fc8b174b0f3eebedcceb1e792, for a use-after-free vulnerability, also critical, in the Network component.

The critical-rated vulnerabilities follow, while the full list of security flaws is listed by Google here.

  • CVE-2026-10881: Out-of-bounds read and write in ANGLE.
  • CVE-2026-10882: Use-after-free in Network.
  • CVE-2026-10883: Out-of-bounds write in ANGLE.
  • CVE-2026-10884: Use-after-free in Chromecast.
  • CVE-2026-10885: Use-after-free in Chrome for iOS.
  • CVE-2026-10886: Use-after-free in FileSystem.
  • CVE-2026-10887: Use-after-free in Chromoting.
  • CVE-2026-10888: Use-after-free in Cast Streaming.
  • CVE-2026-10889: Out-of-bounds read in ANGLE.
  • CVE-2026-10890: Use-after-free in Cast.
  • CVE-2026-10891: Use-after-free in GFX.
  • CVE-2026-10892: Out-of-bounds write in GPU.
  • CVE-2026-10893: Use-after-free in Chromoting.
  • CVE-2026-10894: Use-after-free in Printing.
  • CVE-2026-10895: Use-after-free in Ozone.
  • CVE-2026-10896: Use-after-free in Chrome for iOS.
  • CVE-2026-10897: Out-of-bounds write in GPU.
  • CVE-2026-10898: Stack buffer overflow in GPU.
  • CVE-2026-10899: Use-after-free in Ozone.
  • CVE-2026-10900: Use-after-free in Passwords.
  • CVE-2026-10901: Use-after-free in Passwords.
  • CVE-2026-10902: Use-after-free in Ozone.


While the first two of these got big bug bounty payments, I was surprised to see that two critical vulnerabilities impacting Chrome on iOS were included, as this is as rare as rocking horse poop. The two critical vulnerabilities impacting the Passwords component also, quite clearly, stood out for me. However, as I’ve already said, the good news is that these have now been fixed. Or, at least, they will be once your copy of Chrome has been updated. When it comes to Android and iOS this is just a matter of updating the app, but for desktop users there are two options available.

The first is to wait for the update to hit your copy automatically, but since, according to Google Chrome’s Srinivas Sista, it’s rolling out “over the coming days/weeks,” you may want to accelerate the process and trigger the update manually.

You can do this using the following steps:

Simply use the three-dot Chrome menu to select Help|About Google Chrome, and the update download and installation process will begin.

Once the installation is complete, Google Chrome will prompt you to restart to activate the protection.
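
To confirm the update landed on a Linux or Mac machine, the check below (an added example, not from the article or from Google) compares a version string against the fixed build 149.0.7827.53 named above. The function names and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a reported Chrome version at or above the fixed build?
# PATCHED is the version given in the article; function names are hypothetical.
PATCHED="149.0.7827.53"

# Pull the first four-part dotted version out of text such as
# "Google Chrome 149.0.7827.53" (the shape `google-chrome --version` prints).
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 if version $1 >= version $2, comparing each field as a number
# (a plain string compare would rank 149.0.999.1 above 149.0.7827.53).
version_ge() {
    a=$1
    b=$2
    for i in 1 2 3 4; do
        fa=${a%%.*}
        fb=${b%%.*}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
        a=${a#*.}
        b=${b#*.}
    done
    return 0
}

# 0 = patched, 1 = older than the fixed build, 2 = no version found in input.
chrome_is_patched() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2
    version_ge "$v" "$PATCHED"
}

# Constructed sample inputs, not real inventory data.
for s in "Google Chrome 149.0.7827.54" "Google Chrome 149.0.999.1"; do
    if chrome_is_patched "$s"; then
        echo "OK       $s"
    else
        echo "UPDATE   $s"
    fi
done
```

The command-line version reflects the binary on disk; until the browser is restarted, the running process can still be the old build, which `chrome://version` will show.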