Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Microsoft Teams Blocks Uninvited Bots From Meetings
July 1, 2026
Anthropic Claude AI Reportedly Uses Hidden Code to Detect Chinese Users
July 1, 2026
US Eases Export Restrictions on Claude Fable 5 and Mythos 5 AI Models
July 1, 2026
Home/CyberSecurity News/Chrome Update Patches 382 Vulnerabilities, Including 15 Critical Flaws
CyberSecurity News

Chrome Update Patches 382 Vulnerabilities, Including 15 Critical Flaws

Key Takeaways Google has released Chrome version 151 (150.0.7871.46), addressing a total of 382 security vulnerabilities. The update includes patches for 15 critical flaws, many of which are...

Jennifer sherman
Jennifer sherman
July 1, 2026 4 Min Read
3 0

Key Takeaways

  • Google has released Chrome version 151 (150.0.7871.46), addressing a total of 382 security vulnerabilities.
  • The update includes patches for 15 critical flaws, many of which are “use after free” vulnerabilities.
  • These critical vulnerabilities could enable remote code execution and full browser compromise.
  • The patch is available for Windows, macOS, Linux, and Chrome for iOS users.

Extensive Chrome Update Addresses 382 Vulnerabilities, Including 15 Critical Flaws

Google has rolled out a significant security update for its Chrome web browser, version 151, which integrates patches for an extensive 382 security vulnerabilities. Among these, 15 are classified as critical, posing a substantial risk for remote code execution and complete browser compromise if not addressed promptly.

Table Of Content

  • Key Takeaways
  • Extensive Chrome Update Addresses 382 Vulnerabilities, Including 15 Critical Flaws
  • Details of the Patch Release
  • Critical Vulnerabilities Addressed
  • What You Should Do

This critical update is being deployed across Windows, macOS, Linux, and Chrome for iOS platforms. The fixes span nearly every foundational component within the browser’s architecture, reinforcing its overall security posture.

Details of the Patch Release

According to official release notes from Google, the stable channel update to Chrome 151, specifically desktop build 150.0.7871.46, incorporates 382 distinct security fixes. These vulnerabilities were identified and reported through Google’s Chrome Vulnerability Rewards Program.

In line with Google’s standard coordinated disclosure protocols, specific details regarding these bugs will remain partially undisclosed until the majority of users have successfully updated their browsers. This strategy aims to prevent threat actors from exploiting vulnerabilities in unpatched systems.

The scope of the patched vulnerabilities is broad, encompassing critical remote code execution issues alongside lower-severity flaws related to user interface (UI) and policy enforcement. These issues affect various subsystems, including web rendering, graphics, casting, networking, and components specific to the iOS version of Chrome.

Many of these security defects were discovered internally by Google’s engineering teams. They leveraged advanced memory-safety analysis tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, and various fuzzing frameworks to pinpoint these vulnerabilities.

Critical Vulnerabilities Addressed

Google has designated 15 of the resolved vulnerabilities as critical. A majority of these are “use after free” issues found in high-risk components like Extensions, GPU, WebUSB, Browser, Views, Bluetooth, Chromoting, and Ozone.

These memory corruption flaws are particularly dangerous as they can often be chained together. This allows attackers to achieve arbitrary code execution within the browser or even the underlying operating system context, typically when a user navigates to a malicious webpage or interacts with attacker-controlled content.

The critical vulnerability set also includes instances of type confusion and insufficient validation of untrusted input. These were identified in rendering and graphics subsystems such as Dawn, ANGLE, and Skia, as well as within iOSWeb’s input handling mechanisms.

Exploitation of these specific bugs could enable attackers to bypass sandbox protections, trigger heap corruption, or hijack control flow. Such actions significantly elevate the risk of “drive-by compromise” scenarios, where a user’s system is compromised simply by visiting a malicious website.

Beyond the 15 critical issues, Google fixed a large number of high‑severity vulnerabilities impacting areas such as Chromecast, QUIC, Updater, SVG, Chrome for iOS, Safe Browsing, Accessibility, Canvas, File Input, and various enterprise-focused functionalities.

Many of these high-severity flaws also involve use-after-free, heap buffer overflow, integer overflow, or insufficient policy enforcement. These types of vulnerabilities can facilitate information disclosure, privilege escalation, or sandbox escapes within realistic attack chains.

The update also addresses hundreds of medium-severity vulnerabilities affecting Web Authentication, WebHID, WebXR, DevTools, Autofill, Passwords, PDF, Codecs, Fonts, and numerous UI components. While individually less severe, these bugs collectively expand Chrome’s potential attack surface and can be combined with other vulnerabilities to enhance exploit reliability or circumvent security prompts and indicators.

Furthermore, Google has included dozens of low-severity fixes. These focus on issues such as incorrect security UI displays, policy bypasses, and insufficient validation in components like SplitView, WebXR, Network, WebNN, Chrome for iOS, TabStrip, Storage, GamepadAPI, History Embeddings, and newer AI- and credential-related features.

These lower-severity issues typically contribute to user deception, inconsistent security states, or subtle sandbox and permission bypasses, rather than direct code execution. However, even low-severity weaknesses are crucial for overall browser hardening, particularly against sophisticated threat actors who often rely on multi-bug exploitation chains and social engineering tactics.

Google acknowledges and credits numerous external researchers and partners, alongside its internal teams, for reporting these issues during the Chrome 151 development cycle.

CVE ID Component Root cause / bug class Reported by Report date
CVE-2026-13774 Extensions Use after free in Extensions Google 2026-04-26
CVE-2026-13775 GPU Use after free in GPU Google 2026-05-10
CVE-2026-13776 Dawn Type confusion in Dawn Google 2026-05-14
CVE-2026-13777 iOSWeb Insufficient validation of untrusted input in iOSWeb Google 2026-05-14
CVE-2026-13778 WebUSB Use after free in WebUSB Google 2026-05-14
CVE-2026-13779 Chromoting Use after free in Chromoting Google 2026-05-14
CVE-2026-13780 ANGLE Insufficient validation of untrusted input in ANGLE Google 2026-05-19
CVE-2026-13781 Skia Insufficient validation of untrusted input in Skia Google 2026-05-25
CVE-2026-13782 Browser Use after free in Browser Google 2026-05-26
CVE-2026-13783 Views Use after free in Views Google 2026-05-27
CVE-2026-13784 Views Use after free in Views Google 2026-05-27
CVE-2026-13785 Bluetooth Use after free in Bluetooth Google 2026-05-27
CVE-2026-13786 Ozone Use after free in Ozone Google 2026-05-29
CVE-2026-13787 Chromoting Use after free in Chromoting Google 2026-06-11
CVE-2026-13788 Fullscreen Use after free in Fullscreen Google 2026-06-12

What You Should Do

  • Update Immediately: All users should update to the latest Chrome 151 stable release as soon as possible to mitigate the risk of code execution attacks.
  • Enable Automatic Updates: Ensure automatic updates are enabled for Chrome to receive security patches promptly.
  • Enterprise Deployment: For organizations, prioritize testing and rolling out Chrome 151 across all managed devices, particularly focusing on environments that heavily utilize extensions, remote desktop (Chromoting), WebUSB, WebXR, Chromecast, and Chrome for iOS.
  • Review Security Baselines: Enterprises should review their browser security baselines, including extension governance, site isolation policies, Safe Browsing settings, and OS-level exploit mitigations, to ensure they complement the protections introduced in this update.
  • Monitor Advisories: Stay informed by regularly monitoring Chrome’s official security advisory channels for future vulnerability batches and updates.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityThreatVulnerability

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Critical Cisco Unified CM and SME Flaw Lets Attackers Launch SSRF Attacks

Next Post

Critical Apache Tomcat flaws let attackers bypass authentication

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Cisco Unified CM and SME Flaw Lets Attackers Launch SSRF Attacks
July 1, 2026
TONResolver Malware Abuses TON Smart Contracts for C2 Switching
July 1, 2026
Critical WhatsApp Web DLL Sideloading Flaw Lets Attackers Hijack Sessions for CEO Fraud
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us