Google has released a significant security update for the Chrome stable channel containing 30 security fixes. The update, which brings the browser to version 147.0.7727.137/138 for Windows and Mac and 147.0.7727.137 for Linux, is set to roll out to the global user base over the coming days and weeks.
This patch cycle is particularly noteworthy for the high volume of “Critical” and “High” severity vulnerabilities resolved, many of which involve memory safety issues that could lead to remote code execution.
The majority of the highlighted fixes in this release address Use After Free (UAF) vulnerabilities. These memory corruption bugs occur when an application continues to use a pointer after the memory it references has been freed, potentially allowing an attacker to execute arbitrary code or bypass security sandboxes.
Critical-rated highlights include:
- CVE-2026-7363: A UAF flaw in Canvas reported by researcher heapracer, earning a $7,000 bounty.
- CVE-2026-7361: A UAF in iOS identified by Google’s internal teams.
- CVE-2026-7344 & CVE-2026-7343: Severe UAF issues found in Accessibility and Views, respectively.
Google has already begun distributing significant rewards to external researchers who helped identify these threats. One researcher, identified by a hexadecimal handle, was awarded $16,000 for discovering CVE-2026-7333, a high-severity UAF vulnerability in the GPU component.
Other significant “High” and “Medium” severity fixes include:
- V8 Type Confusion: CVE-2026-7337 in the V8 engine, which handles JavaScript execution.
- WebRTC Safety: Multiple UAF and heap buffer overflow issues in WebRTC (CVE-2026-7336, CVE-2026-7341, and CVE-2026-7339).
- Graphics & Media: Patches for the ANGLE graphics engine and various Media components to prevent buffer overflows and integer overflows.
As is standard practice for major browser updates, Google is currently withholding the full technical details for many of these bugs. The company stated, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix”.
This restriction period prevents threat actors from reverse-engineering the patches to develop exploits before the general public has had a chance to secure their systems. Restrictions also remain in place for bugs residing in third-party libraries that other projects may still depend on.
Because many of these vulnerabilities are classified as Critical or High, users are urged to update their browsers immediately.
How to update:
- Open Chrome.
- Click the three dots in the top-right corner.
- Navigate to Help > About Google Chrome.
- The browser will automatically check for and download the update.
- Relaunch the browser to apply the fixes.