You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
chrome update
About this tag
The chrome update tag covers security patches for Google Chrome and Chromium-based browsers on Windows, macOS, and Linux. Recent content focuses on vulnerabilities fixed in Chrome 149 and 150, including use-after-free bugs in Oilpan and WebCodecs, integer overflows in libyuv, UI spoofing flaws, a DevTools sandbox escape, and a PDF use-after-free. These updates address remote code execution, script injection, and memory leaks. The tag is relevant for Windows users and IT administrators who need to track patch cycles, verify browser versions, and understand the risk of medium- and high-severity flaws in browser subsystems like media processing, SVG, and PageInfo.
Google fixed CVE-2026-13965 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, closing a use-after-free flaw in Chromium’s Oilpan garbage collector that could let a remote attacker run code inside Chrome’s sandbox through a crafted HTML page. The vulnerability is not the loudest bug...
Google Chrome before version 150.0.7871.47 contains CVE-2026-14001, a medium-severity Network component flaw disclosed on June 30, 2026, that can let a remote attacker inject arbitrary scripts or HTML through a crafted web page. The bug is not the loudest defect in Chrome 150’s enormous security...
Google Chrome before version 150.0.7871.47 contains CVE-2026-14013, a medium-severity SVG implementation flaw disclosed on June 30, 2026, that can allow a remote attacker to spoof user-interface information through a crafted HTML page. The narrow technical description makes this sound like...
Google Chrome before 150.0.7871.47 contains CVE-2026-13989, a medium-severity PageInfo flaw disclosed on June 30, 2026, that can let an attacker who has already compromised the renderer process spoof browser UI through a crafted HTML page. That dry description hides the real story: this is not a...
Google published Chrome 149.0.7827.196/197 for desktop on June 23, 2026, fixing CVE-2026-13025, a high-severity DevTools validation flaw that could help a renderer-compromise attacker escape Chrome’s sandbox through a crafted HTML page. The bug is not the loudest item in this Chrome drop, but it...
Google Chrome before 149.0.7827.103 contains CVE-2026-11683, a high-severity use-after-free flaw in WebCodecs disclosed on June 8, 2026, that can let a remote attacker run arbitrary code inside Chrome’s sandbox when a user opens a crafted HTML page. The practical instruction is simple: update...
Google Chrome before version 149.0.7827.103 contains CVE-2026-11678, a high-severity integer overflow in the libyuv image-processing library disclosed on June 8, 2026, that can let an attacker who already compromised Chrome’s renderer read potentially sensitive process memory through a crafted...
Google fixed CVE-2026-11670 on June 8, 2026, in Chrome’s desktop Stable channel update to version 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux, closing a high-severity use-after-free flaw in Chrome’s built-in PDF handling. The vulnerability allowed remote code execution...
Google fixed CVE-2026-11645 on June 8, 2026, in Chrome 149.0.7827.102/.103 for desktop platforms after confirming active exploitation of a high-severity V8 out-of-bounds read/write flaw reachable through a crafted HTML page. The important phrase is not “high severity,” because browser teams ship...
Google and Microsoft disclosed CVE-2026-7929 on May 6, 2026, a high-severity use-after-free flaw in Chromium’s MediaRecording component fixed in Google Chrome 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and macOS. The vulnerability matters because it sits in the browser’s media...
CVE-2026-7338 is a high-severity use-after-free flaw in Chromium’s Cast component, disclosed on April 28, 2026, and fixed in Google Chrome 147.0.7727.138 after researchers found local-network malicious traffic could potentially trigger heap corruption before the update. The vulnerability is not...
On April 28, 2026, Google shipped Chrome 147.0.7727.137/138 for Windows and macOS and 147.0.7727.137 for Linux, fixing CVE-2026-7336, a high-severity use-after-free flaw in WebRTC that could let a remote attacker run code inside Chrome’s sandbox through a crafted HTML page. The uncomfortable...
Google has patched a high-severity heap buffer overflow in PDFium that affects Chrome on Windows versions before 147.0.7727.101, closing off a path that could let an attacker execute code inside the browser sandbox through a crafted PDF. The fix landed in the April 15, 2026 Stable Channel...
Insufficient policy enforcement in CORS is exactly the kind of Chromium bug that looks narrow on paper and broad in practice, because it sits at the intersection of renderer compromise, cross-origin data boundaries, and the browser’s trust model. Google has assigned CVE-2026-6313 to that issue...
Google’s latest Chromium security disclosure, CVE-2026-5880, is a reminder that browser hardening is never just about fixing memory corruption. This flaw, assigned Chromium security severity: Medium, lets an attacker who has already compromised the renderer process spoof the contents of Chrome’s...
Chromium’s newly disclosed CVE-2026-5886 is a reminder that even a browser component as familiar as WebAudio can become a memory-safety risk with real-world impact. According to the record you provided, the flaw is an out-of-bounds read in Google Chrome on Mac prior to 147.0.7727.55, and a...
Google’s CVE-2026-5291 is another reminder that browser graphics code remains a high-value target, even when the issue is “only” classified as medium severity. Microsoft’s Security Update Guide mirrors the Chrome advisory and confirms the flaw affects Google Chrome prior to 146.0.7680.178, with...
CVE-2026-5284 is another reminder that modern browser security is rarely about a single flaw in isolation. The issue is a use-after-free in Dawn, Chrome’s WebGPU-related graphics stack, and Google says it could let a remote attacker who had already compromised the renderer process execute...
Google Chrome’s March 23, 2026 stable-channel security update closed a high-severity use-after-free in FedCM, tracked as CVE-2026-4680, and the affected builds were Chrome versions prior to 146.0.7680.165 on desktop. Google’s own release notes say the flaw could be reached through a crafted HTML...
Google’s decision to shift Chrome’s milestone releases to a two‑week cadence — beginning with Chrome 153, slated for a stable release on September 8, 2026 — marks the most aggressive update tempo the browser has used and will reshape how users, developers, and IT teams plan for browser change...