Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical Dell PowerProtect flaws let attackers gain full system access
July 15, 2026
Microsoft Confirms Dell Laptop Overheating, Shutdowns After July Windows Update
July 15, 2026
FaceTime Call Impersonation Fraud Hijacks Bank Accounts
July 15, 2026
Home/CyberSecurity News/Chrome 150 Update Patches 15 Flaws, Two Critical Code Execution Vulnerabilities
CyberSecurity News

Chrome 150 Update Patches 15 Flaws, Two Critical Code Execution Vulnerabilities

Key Takeaways Google has released Chrome version 150, addressing 15 security vulnerabilities. Two critical use-after-free flaws (CVE-2026-15764, CVE-2026-15765) in Chrome’s Ozone component are...

David kimber
David kimber
July 15, 2026 3 Min Read
4 0

Key Takeaways

  • Google has released Chrome version 150, addressing 15 security vulnerabilities.
  • Two critical use-after-free flaws (CVE-2026-15764, CVE-2026-15765) in Chrome’s Ozone component are among the most severe.
  • These critical vulnerabilities could potentially allow for arbitrary code execution.
  • The update also resolves numerous high-severity bugs across various browser components.
  • Users are strongly advised to update their Chrome browsers immediately to protect against potential exploitation.

Chrome 150 Update Addresses Critical Code Execution Flaws

Google has initiated the rollout of Chrome version 150, a crucial stable channel update designed to bolster the browser’s security posture. This latest release, specifically version 150.0.7871.124/.125 for Windows and macOS, and 150.0.7871.124 for Linux, patches a total of 15 security vulnerabilities, including two critical memory safety issues.

Table Of Content

  • Key Takeaways
  • Chrome 150 Update Addresses Critical Code Execution Flaws
  • Critical Use-After-Free Vulnerabilities in Ozone
  • High-Severity Bugs Also Patched
  • What You Should Do

While the update’s deployment will occur incrementally over the coming days and weeks, Google urges both enterprise and individual users to apply the patch as soon as it becomes available to mitigate potential risks.

Critical Use-After-Free Vulnerabilities in Ozone

The most pressing concerns addressed in this update are two critical use-after-free vulnerabilities, identified as CVE-2026-15764 and CVE-2026-15765. Both flaws reside within Ozone, Chrome’s fundamental platform integration layer responsible for managing windowing, input, graphics, and display functions across supported operating systems.

A use-after-free vulnerability arises when a program attempts to access memory that has already been deallocated. This can be exploited by attackers to manipulate the freed memory, potentially leading to arbitrary code execution. In the context of a web browser, a malicious actor could craft specific web content or a website to trigger these vulnerabilities, compromising the user’s system.

Google has classified both Ozone vulnerabilities as critical, indicating their severe potential impact. Although detailed technical specifics of potential exploits have not been publicly disclosed, the severity rating suggests that these flaws could enable code execution under specific circumstances.

To minimize the risk of attackers developing and deploying exploits against unpatched systems, Google plans to withhold comprehensive bug information until a significant portion of the Chrome user base has successfully installed the necessary security fixes.

High-Severity Bugs Also Patched

Chrome 150 also fixes several high-severity bugs across various core browser components. Notable among these are CVE-2026-15766, an uninitialized-use vulnerability affecting Skia, Chrome’s graphics rendering engine, and CVE-2026-15767, a heap buffer overflow found in libyuv, a library critical for image and video format conversion.

Several other high-severity vulnerabilities impact V8, Chrome’s high-performance JavaScript and WebAssembly engine. These include CVE-2026-15770, an uninitialized memory use flaw, and CVE-2026-15775, which addresses an issue of insufficient policy enforcement.

Security researcher Salvatore Gulizia is credited with reporting CVE-2026-15776, a type confusion vulnerability in V8. This flaw can lead to memory corruption by enabling code to misinterpret an object’s type.

The update further resolves additional use-after-free vulnerabilities within the GPU, Core, Skia, and UI components. Furthermore, issues related to insufficient validation and policy enforcement have been addressed in HTML-in-Canvas, Linux Toolkit Theming, Media, and Navigation.

Google has acknowledged the contributions of its internal research teams, Microsoft researcher xinchaotian, and independent researcher Salvatore Gulizia for their efforts in identifying and reporting these vulnerabilities. Information regarding some reporters and associated reward amounts is currently listed as “TBD.”

What You Should Do

  • Update Immediately: Individual users should update their Chrome browser without delay. Open Chrome, navigate to Settings, then “About Chrome,” and relaunch the browser once the update has downloaded.
  • Verify Version: For organizations, ensure that all managed endpoints are running Chrome version 150.0.7871.124 or later on Linux, and versions 150.0.7871.124/.125 or later on Windows and macOS.
  • Enable Automatic Updates: Confirm that automatic updates are enabled for Chrome across all devices to ensure timely application of future security patches.
  • Stay Informed: Regularly monitor official Google Chrome release channels for further security advisories and updates.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityVulnerability

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Critical Flaw in EU Age Verification App Lets Attackers Bypass Checks

Next Post

LabubaRAT Malware Impersonates NVIDIA to Hijack Windows Systems

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Chrome 150 Update Patches 15 Flaws, Two Critical Code Execution Vulnerabilities
July 15, 2026
Critical Flaw in EU Age Verification App Lets Attackers Bypass Checks
July 15, 2026
Critical SonicWall Firewall CVE-2021-20021, CVE-2021-20022 Zero-Days Actively Exploited
July 15, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us