Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
QR Code Phishing Attacks Steal Credentials and Deliver Malware
July 9, 2026
GitHub Copilot Blocks Harmful Prompts in Chat, Writes Them in Code
July 9, 2026
AI Agents Vulnerable to Remote Code Execution Attacks
July 9, 2026
Home/CyberSecurity News/Chrome Update Patches 27 Vulnerabilities, Two Critical Code Execution Flaws
CyberSecurity News

Chrome Update Patches 27 Vulnerabilities, Two Critical Code Execution Flaws

Key Takeaways Google has released an urgent update for its Chrome browser, addressing 27 security vulnerabilities. Two critical remote code execution (RCE) flaws, CVE-2026-15112 and CVE-2026-15129,...

Sarah simpson
Sarah simpson
July 9, 2026 4 Min Read
2 0

Key Takeaways

  • Google has released an urgent update for its Chrome browser, addressing 27 security vulnerabilities.
  • Two critical remote code execution (RCE) flaws, CVE-2026-15112 and CVE-2026-15129, pose significant risks.
  • The vulnerabilities affect multiple Chrome components across Windows, macOS, and Linux platforms.
  • Users are strongly advised to update to Chrome version 150.0.7871.114/.115 immediately to patch these severe issues.

Chrome Update Addresses 27 Vulnerabilities, Including Critical Remote Code Execution Flaws

Google has rolled out a crucial Stable channel update for its Chrome browser, addressing a total of 27 security vulnerabilities. Among these are two critical flaws that could enable remote code execution (RCE) on affected systems, posing a significant threat to user security.

Table Of Content

  • Key Takeaways
  • Chrome Update Addresses 27 Vulnerabilities, Including Critical Remote Code Execution Flaws
  • Critical Use-After-Free Vulnerabilities Identified
  • High-Severity Flaws Across Core Components
  • Overview of Key Patched Vulnerabilities
  • What You Should Do

The update, which is currently being deployed globally, elevates Chrome to version 150.0.7871.114/.115 for Windows and macOS users, and to version 150.0.7871.114 for Linux users.

Critical Use-After-Free Vulnerabilities Identified

The most severe issues patched in this release are identified as CVE-2026-15112 and CVE-2026-15129. Both are classified as critical use-after-free vulnerabilities, a dangerous class of memory corruption bugs.

CVE-2026-15112 specifically targets Chrome’s Ozone platform abstraction layer, while CVE-2026-15129 affects the Views UI framework. Use-after-free vulnerabilities arise when a program attempts to access memory that has already been deallocated. This can lead to memory corruption, which attackers can manipulate to execute arbitrary code on the victim’s machine.

In practical attack scenarios, a successful exploit could allow a remote attacker to compromise a user’s system simply by tricking them into visiting a specially crafted malicious webpage.

High-Severity Flaws Across Core Components

Beyond the critical RCE vulnerabilities, Google’s update also addresses numerous high-severity vulnerabilities impacting various Chrome components. These include a range of memory-safety issues, such as additional use-after-free flaws found in Autofill, WebRTC, Core, Input, Payments, and Forms. Furthermore, uninitialized memory usage vulnerabilities were discovered in the V8 JavaScript engine and ANGLE graphics abstraction layer.

Several other vulnerabilities stem from insufficient validation of untrusted input within components like WebAppInstalls and Codecs. Such flaws could be exploited to trigger unexpected browser behavior or to bypass existing security controls, potentially leading to further compromise.

Notably, CVE-2026-15132 points to an uninitialized use vulnerability in the V8 JavaScript engine. As a critical component responsible for executing web scripts, V8 is a frequent target for attackers due to its complexity and direct interaction with web content, making vulnerabilities within it particularly valuable for exploit development.

Another significant issue, CVE-2026-15108, involves an integer overflow in the Extensions API. This flaw could be leveraged by malicious browser extensions or crafted inputs to undermine browser integrity.

Google has also fixed multiple issues related to logic and policy enforcement, including deficiencies in password management, navigation handling, and DOM validation. While these weaknesses may not directly lead to code execution, they can be exploited to weaken browser security boundaries and facilitate more complex attacks.

Consistent with standard security practices for Chrome releases, detailed technical information for many of these vulnerabilities remains restricted. This measure is crucial to prevent threat actors from actively exploiting the flaws before a sufficient number of users have applied the necessary updates.

Overview of Key Patched Vulnerabilities:

CVE ID Vulnerability Type Affected Component Severity
CVE-2026-15112 Use-after-free Ozone Critical
CVE-2026-15129 Use-after-free Views Critical
CVE-2026-15132 Uninitialized use V8 High
CVE-2026-15133 Use-after-free InterestGroups High
CVE-2026-15108 Integer overflow Extensions API High
CVE-2026-15109 Uninitialized use ANGLE High
CVE-2026-15110 Use-after-free Extensions High
CVE-2026-15111 Use-after-free Views High
CVE-2026-15113 Use-after-free Autofill High
CVE-2026-15114 Out-of-bounds read/write Codecs High
CVE-2026-15115 Insufficient input validation WebAppInstalls High
CVE-2026-15116 Use-after-free Actor High
CVE-2026-15117 Use-after-free Payments High
CVE-2026-15118 Use-after-free Input High
CVE-2026-15119 Inappropriate implementation GetUserMedia High
CVE-2026-15120 Use-after-free Core High
CVE-2026-15121 Use-after-free WebRTC High
CVE-2026-15122 Insufficient input validation Codecs High
CVE-2026-15123 Insufficient data validation DOM High
CVE-2026-15124 Insufficient policy enforcement Passwords High
CVE-2026-15125 Inappropriate implementation Forms High
CVE-2026-15126 Use-after-free Forms High
CVE-2026-15127 Inappropriate implementation WebGL High
CVE-2026-15128 Inappropriate implementation Forms High
CVE-2026-15130 Insufficient policy enforcement Navigation High
CVE-2026-15107 Use-after-free IndexedDB Medium
CVE-2026-15131 Insufficient data validation Navigation Medium

Google confirmed that many of these bugs were identified internally through the use of advanced fuzzing and memory analysis tools, including AddressSanitizer, libFuzzer, and Control Flow Integrity mechanisms. This highlights the critical role of automated security testing in maintaining the integrity of modern browser ecosystems.

While there is currently no evidence to suggest that these vulnerabilities are being actively exploited in the wild, the presence of multiple memory corruption issues significantly elevates the risk of future weaponization. Threat actors frequently combine such flaws with sandbox escape techniques to achieve full system compromise.

What You Should Do

  • Update Chrome Immediately: Navigate to your Chrome browser’s settings, then to “About Chrome,” and allow it to check for and install updates. Restart the browser as prompted.
  • Enable Automatic Updates: Ensure your browser is configured to automatically apply updates to receive critical patches without delay.
  • Be Wary of Malicious Links: Avoid clicking on suspicious links or visiting unfamiliar websites, as these could be used to exploit unpatched vulnerabilities.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityThreatVulnerability

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

Critical GoodPersonRAT Malware Uses Fake LetsVPN Installer for Full Remote Control

Next Post

AI Agents Vulnerable to Remote Code Execution Attacks

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Microsoft Patches Critical Defender Zero-Day Vulnerability CVE-2023-XXXXX
July 9, 2026
Critical GhostApproval Flaw in Amazon Q, Claude, Cursor Exposes AI Agents
July 9, 2026
Palo Alto Networks Patches Critical PAN-OS Vulnerability CVE-2024-3400 for RCE
July 9, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
David kimber
David kimber
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us