Chrome Security Update Fixes 33 Flaws, Seven Critical

Google has shipped a major Chrome security update, and it closes 33 distinct vulnerabilities. The Stable channel now moves to 149.0.7827.155/.156 for Windows and Mac. Linux users receive build 149.0.7827.155 as well.

Seven Critical Bugs Lead the List

Seven flaws earned Google’s top “Critical” rating. Notably, most of them are use-after-free errors, a memory-corruption class that often enables remote code execution.

CVE-2026-12437 sits in the WebShare component. Meanwhile, CVE-2026-12442 affects the Passwords feature, and CVE-2026-12443 hits Web Authentication. Two more, CVE-2026-12439 and CVE-2026-12440, target Digital Credentials.

Because these bugs touch sensitive browser areas, attackers could chain them for serious impact. Therefore, fast patching matters.

High-Severity Fixes Round It Out

The remaining issues carry a “High” severity tag. They span Extensions, WebRTC, Media, Downloads, and the Tab Strip, among others. Several involve heap buffer overflows or untrusted input validation gaps.

This Chrome security update therefore reaches deep across the browser’s codebase. External researchers, including Zhixin Tu, contributed alongside Google’s internal teams.

How to Stay Protected

Most users will receive the rollout automatically over the coming days. However, you should not wait. Instead, open the menu, head to Help, and select “About Google Chrome” to trigger an immediate check.

After the download finishes, relaunch the browser to apply the fix. You can review the vendor advisory in the official Chrome Stable channel release notes.

As always, Google is limiting access to bug details until most users update. This delay helps prevent attackers from weaponizing the patches early.

In short, this Chrome security update is one worth applying right away. Memory-safety bugs remain a favorite target, so a quick relaunch is cheap insurance.