Google on Wednesday announced a Chrome 150 security update that resolves 27 vulnerabilities, including two critical-severity flaws.
The two critical bugs are use-after-free issues in Chrome’s Ozone and Views components. Both were found by Google last month.
The Chrome refresh resolves a total of 13 use-after-free defects, including 10 high-severity and one medium-severity weakness.
Other types of vulnerabilities patched in this update include uninitialized use, integer overflow, out-of-bounds read and write, insufficient validation of untrusted input, inappropriate implementation, insufficient data validation, and insufficient policy enforcement.
Most of these flaws were discovered by Google, a trend that has been ongoing for over two months. Per Google’s advisory, only three of the newly resolved security defects were reported by external researchers, who received a total of $3,000 in bug bounty rewards.
Likely driven by the use of AI, the trend led to lower bug bounty rewards but resulted in far more security weaknesses being addressed.
Since April, Google has rolled out fixes for more than 1,400 Chrome vulnerabilities, including hundreds of memory safety bugs. Chrome updates released in June and July resolved over 1,000 flaws.
The latest Chrome iteration is now available for download as versions 150.0.7871.114/.115 for Windows and macOS, and as version 150.0.7871.114 for Linux.
Related: Google Patches 382 Chrome Vulnerabilities
Related: Chrome 149 Update Resolves 18 Severe Vulnerabilities
Related: Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices
Related: CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws

