Do Son 
TL;DR
Google updated Chrome’s Stable channel to 149.0.7827.196 for desktop. This Chrome 149 security update fixes 18 flaws, and four carry a critical rating. Most bugs involve memory errors in WebGL, Autofill, and Blink.
Why It Matters
Chrome runs on billions of desktops worldwide. Therefore, a single memory bug can expose huge numbers of users. The four critical issues are the main concern here. Two of them, CVE-2026-13028 and CVE-2026-13032, sit inside WebGL. A third, CVE-2026-13033, affects Blink’s InterestGroups code. The fourth, CVE-2026-13038, hits Autofill.
Beyond the critical bugs, the update also fixes 14 high-severity issues. These touch GPU, Bluetooth, FileSystem, and Web Authentication, among other parts.
How the Attack Works
Most of these bugs are use-after-free errors. In short, the browser frees a chunk of memory but still points to it. Afterward, an attacker can reuse that memory to corrupt browser state. A crafted web page could then trigger the flaw during a normal visit. As a result, attackers may run code or read data they should not reach.
So far, Google reports no exploitation in the wild. Likewise, no public proof-of-concept exists for these specific CVEs. Security outlets that tracked the broader Chrome 149 cycle reported the same clean status. Still, the critical ratings make fast patching wise.
Affected Versions
The flaws affect every desktop Chrome build before 149.0.7827.196. This covers Windows, Mac, and Linux installs.
Patch and Mitigation
Update Chrome to 149.0.7827.196 or later right now. On Windows and Mac, the fixed build is 149.0.7827.196/197. Open the menu, then choose Help and About Google Chrome to start the check. After the download, restart the browser to apply the patch. So apply this Chrome 149 security update without delay. For full details, see Google’s official Chrome stable channel update.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
