27 Security Vulnerabilities Fixed in Google Chrome Browser: Users Urged to Update Immediately!

Google has announced the latest security update for its Google Chrome browser. This update addresses 27 security vulnerabilities discovered in the browser. Among them are two critical vulnerabilities that allow Remote Code Execution (RCE).

Following the update, Chrome browser versions are now 150.0.7871.114/.115 for Windows and macOS, and 150.0.7871.114 for Linux.

The Most Critical Vulnerabilities

The most significant vulnerabilities addressed in this update are:

  • CVE-2026-15112 — A Use-After-Free vulnerability in Chrome’s Ozone platform abstraction layer;
  • CVE-2026-15129 — A Use-After-Free vulnerability in the Views user interface component.

These vulnerabilities are related to memory management and occur when the program accesses previously freed memory regions. Such conditions can lead to memory corruption and may be exploited by attackers to execute malicious code.

If successfully exploited, a user could lose control of their device simply by visiting a specially crafted malicious web page. In some cases, these vulnerabilities may be combined with other vulnerabilities to escape the browser’s sandbox protection, creating a risk of full operating system compromise.

Other High-Severity Vulnerabilities

Most of the other vulnerabilities addressed by Google were also rated as High severity and were discovered in various components of the browser.

Specifically:

  • Uninitialized Use in the V8 JavaScript engine;
  • Use-After-Free vulnerabilities in the Autofill, Payments, Input, Core, WebRTC, Forms, and InterestGroups modules;
  • Integer Overflow in the Extensions API component;
  • Insufficient input validation in the Codecs, WebAppInstalls, and DOM components;
  • Improper security policy enforcement in the Passwords and Navigation modules;
  • Logical errors and incorrect implementations in WebGL, GetUserMedia, and other components.

In particular, the vulnerability identified as CVE-2026-15132 was discovered in the V8 JavaScript engine, which is the heart of the Chrome browser. Since this component is responsible for executing JavaScript code on web pages, it is one of the most frequently targeted parts of the browser. Therefore, vulnerabilities related to V8 often become key links in complex exploit chains.

Additionally, the vulnerability identified as CVE-2026-15108 was discovered in the Extensions API module, which could allow malicious browser extensions or specially crafted data to compromise the integrity of the browser.

Why Are Memory-Related Vulnerabilities Dangerous?

In recent years, many sophisticated cyberattacks targeting browsers have been based on memory management errors. Vulnerabilities such as Use-After-Free, Out-of-Bounds Read/Write, Integer Overflow, and Uninitialized Memory can allow attackers to execute arbitrary code by corrupting program memory.

When combined with other exploitation techniques, such vulnerabilities can lead to serious consequences:

  • theft of user data;
  • hijacking of browser sessions;
  • covert installation of malware;
  • full system compromise.

How Were the Vulnerabilities Discovered?

According to Google, some of the vulnerabilities were discovered by company researchers using modern automated security tools.

These include:

  • AddressSanitizer (ASan) — for detecting memory-related errors;
  • libFuzzer — for finding vulnerabilities through automated fuzzing;
  • Control Flow Integrity (CFI) — technology for detecting control flow violations.

These tools allow for early detection of vulnerabilities before they can be exploited and significantly enhance browser security.

No Active Exploitation Reported So Far

Google has stated that there is currently no information about active exploitation of these vulnerabilities in the wild. At the same time, the company has not fully disclosed the technical details of the vulnerabilities. This approach is used to prevent cybercriminals from developing exploits and to give users sufficient time to install the update.

In cybersecurity practice, vulnerabilities related to memory corruption are considered among the most dangerous categories. Experience shows that such vulnerabilities are frequently turned into exploit tools and used in complex attacks in combination with other vulnerabilities.

Recommendations for Users

From a cybersecurity perspective, it is recommended to take the following measures:

  • update Google Chrome to the latest version as soon as possible;
  • keep the browser’s automatic update feature always enabled;
  • only use browser extensions installed from trusted sources;
  • avoid clicking on unknown links and visiting suspicious websites;
  • regularly update the operating system and other software;
  • use protective tools such as antivirus and Endpoint Detection and Response (EDR) solutions;
  • enable multi-factor authentication (MFA) for important accounts.

Conclusion

The latest security update for Google Chrome has addressed 27 vulnerabilities discovered in the browser, including two critical vulnerabilities that could lead to remote code execution. Since modern browsers are complex systems consisting of millions of lines of code, periodic discovery of vulnerabilities is a natural process. Therefore, regularly updating the browser and operating system, following good cyber hygiene practices, and adhering to security recommendations are among the most effective ways to ensure cybersecurity for users.