TL;DR
Google shipped a Chrome security update that fixes 27 flaws across the desktop browser. Two are critical use-after-free bugs, one in Ozone and one in Views. The advisory reports no active exploitation, and no public exploit exists yet.
Why it matters
Chrome runs on billions of desktops, so any memory bug carries wide reach. Most of these flaws are rated High. A malicious web page could trigger several of them with no extra clicks. Because the browser is a top attack target, defenders should treat each update as urgent. That makes fast patching the safest move.
How the attacks work
Most of the fixes address use-after-free bugs. These occur when code touches memory that was already freed. An attacker who wins that race can corrupt memory and may run code inside the browser. The two critical entries, CVE-2026-15112 and CVE-2026-15129, sit in the Ozone and Views components. Other flaws touch V8, ANGLE, Extensions, Autofill, WebRTC, and Codecs. External researchers from Arm, Seoul National University, and Ant Group earned bounties for several reports. Google withheld deep technical detail until most users update.
Affected versions
Any Chrome build before 150.0.7871.114 is affected. Windows and Mac move to 150.0.7871.114 or .115. Linux moves to 150.0.7871.114. Chromium-based browsers such as Edge and Brave may need their own updates.
Patch and mitigation
Update now through this Chrome security update. Open the menu, choose Help, then About Google Chrome. Chrome downloads the fix and prompts a restart. For the full list, read Google’s Chrome Releases advisory. Restart the browser to apply the patch.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.