Chrome 149 Patches 429 Vulnerabilities

Google this week promoted Chrome 149 to the stable channel with patches for 429 vulnerabilities, a record for a single Chrome refresh.

Already exceeding several times the total number of Chrome security fixes released in 2025, the surge in Chrome flaws is likely driven by AI use, which led Google to lower Chrome bug bounties in April.

Over 100 of the newly resolved security defects are critical and high-severity issues, most of which are use-after-free and insufficient validation of untrusted input flaws.

The most severe of the bugs is CVE-2026-10881 (CVSS score of 9.6), an out-of-bounds read and write weakness in the ANGLE graphics engine.

Remote attackers could exploit the vulnerability to escape Chrome’s sandbox via crafted HTML pages, potentially achieving code execution on the underlying operating system.

In its advisory, Google says it handed out a $97,000 bug bounty reward to the external researcher who reported the issue.

Advertisement. Scroll to continue reading.

Two other critical-severity defects were reported by external researchers, namely CVE-2026-10882, a use-after-free issue in Network, which earned the reporting researcher a $43,000 reward, and CVE-2026-10883, an out-of-bounds write in ANGLE that was awarded a $5,000 bug bounty.

The remaining 19 critical-severity vulnerabilities addressed in this Chrome release were discovered by Google. Out of approximately 90 high-severity flaws, only 10 were reported by external researchers.

Approximately 40 of the over 300 medium and low-severity weaknesses resolved with the update were reported by external researchers.

Most of the patched weaknesses were use-after-free and insufficient validation of untrusted input issues. Numerous inappropriate implementation, insufficient policy enforcement, and out-of-bounds flaws were also addressed.

Google paid roughly $208,000 in bug bounty rewards to the reporting researchers, but the final amount could be much higher, as the company has yet to disclose the amounts for over a dozen reports.

The latest Chrome iteration is now rolling out as version 149.0.7827.53 for Linux and versions 149.0.7827.53/54 for Windows and macOS.

What's Hot

Tim Cook’s final WWDC is looking pretty Siri-ous

Beyond Instagram: Introducing the next generation of social apps

How to watch Bolivia vs Scotland: Free Streams for World Cup warm-up

Chrome 149 Patches 429 Vulnerabilities

Opal Security Raises $23 Million for AI-Native Identity Governance

Hackers Leak DentaQuest Information Impacting 2.6 Million

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA

Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities

Willow Raises $7 Million for Securing Autonomous AI Agents

The iPad Air brand makes no sense – it needs a rethink

ChatGPT Group Chats are here … but not for everyone (yet)

Facebook updates its algorithm to give users more control over which videos they see

Our Picks

Tim Cook’s final WWDC is looking pretty Siri-ous

Beyond Instagram: Introducing the next generation of social apps

How to watch Bolivia vs Scotland: Free Streams for World Cup warm-up

Subscribe to Updates

What's Hot

Chrome 149 Patches 429 Vulnerabilities

Related Posts