Chrome 149 fixes 429 safety flaws, probably the most ever in a single replace

Within the new Chrome variations 149.0.7827.53/54 for Home windows and macOS, and 149.0.7827.53 for Linux, the builders have mounted greater than 400 vulnerabilities, a few of that are essential. In response to Google, not one of the patched vulnerabilities have been exploited within the wild but.

What’s new in Chrome 149?

The browser’s personal “What’s New” web page lists new options within the PDF viewer as the one innovation. Google is clearly following the pattern of turning built-in PDF viewers into small PDF editors. With Chrome 149, you can’t solely fill in PDF information on-line, however now additionally annotate and signal them. This has been accessible in Firefox for a while.

Chrome was presupposed to have carried out the choice to rearrange tabs vertically slightly than horizontally in April, and Studying Mode is about to change into extra immersive by filling the complete browser window slightly than simply half of a break up view. Nonetheless, neither of those new options is offered but (or a minimum of not for everybody).

Chrome normally updates routinely when a brand new model is offered. You’ll be able to manually examine for updates by way of the menu merchandise Assist → About Google Chrome (or Settings → About Google Chrome).

Google additionally launched Chrome for Android 149.0.7827.59 this week, having already launched Chrome for iOS 149.0.7827.45 final week. The Android model addresses the identical vulnerabilities because the desktop variations. The Prolonged Steady Channel for Home windows and macOS now contains Chromium model 148.0.7778.254.

The discharge of Chrome 150 is anticipated on the finish of June.

Safety flaws in Chrome 149

Within the Chrome Releases weblog publish, Srinivas Sista lists 429 safety vulnerabilities mounted simply two days after the replace was introduced—excess of ever earlier than. Specialised “AI” instruments (equivalent to Google Large Sleep) are prone to have performed a major function within the dramatic improve in vulnerabilities discovered. Google states that it found 371 of those vulnerabilities itself; the rest have been detected and reported by exterior safety researchers. To this point, Google has awarded these researchers a complete of $209,000 in bounties.

Twenty-two of the vulnerabilities are categorized as essential: CVE-2026-10881 to CVE-2026-10902. Nearly all of the vulnerabilities categorized as essential are use-after-free (UAF) vulnerabilities in numerous parts, such because the WebGL library Angle. An extra 87 vulnerabilities are categorized as excessive danger. Of the remaining vulnerabilities, 226 are thought-about medium danger and 94 low danger.

In complete, use-after-free vulnerabilities account for the most important share with 110 situations, adopted by “inadequate validation” of inputs with 88, and “inappropriate implementation” with 60 vulnerabilities. The WebGL library Angle accounts for probably the most resolved safety vulnerabilities, with 37, adopted by the extension interface and media dealing with, every with 18 vulnerabilities patched. If we add the errors in codecs, media dealing with accounts for 28 patched safety vulnerabilities.

Tip: Whether or not you retain your browser updated, you want correct antivirus protections if you’d like your PC to stay safe and personal. Take a look at our picks for the perfect antivirus software program for Home windows in addition to greatest VPN providers to remain forward of safety issues.