Google patches 28 dangerous vulnerabilities in Chrome

Google has officially rolled out a major security update for Chrome, addressing 28 vulnerabilities. Among these are several critical flaws that could allow attackers to execute malicious code on targeted systems. This is a crucial patch for both individual users and organizations to defend against potential cyber threats.

What does the latest Chrome security update address?

The latest Stable channel release upgrades Chrome to version 149.0.7827.114/.115 on Windows and macOS, and 149.0.7827.114 on Linux. Because the rollout is taking place progressively, it is expected to reach all users globally over the coming days and weeks. Google has also published a comprehensive changelog highlighting all the modifications included in this release.

How do the most critical vulnerabilities work and what is their impact?

Among the most severe issues fixed are multiple critical-level memory corruption vulnerabilities. This includes "use-after-free" flaws - which occur when memory is improperly managed, allowing attackers to manipulate memory regions that have already been allocated and cleared, found within core components such as Core, DigitalCredentials, and WebMIDI, tracked as CVE-2026-12007, CVE-2026-12008, and CVE-2026-12011.

Additionally, Google resolved a critical heap buffer overflow vulnerability within the GPU component (CVE-2026-12010), alongside an insufficient validation of untrusted input flaw in the Accessibility module (CVE-2026-12009).

What are the high and medium-severity flaws fixed in this update?

In addition to critical bugs, the security update mitigates various high-severity issues across multiple Chrome modules. Several of these involve use-after-free flaws affecting the Network, Media, Autofill, GPU, video, and views modules. These memory corruption errors are frequently chained together by cybercriminals in complex exploit chains.

Why is detailed information about these vulnerabilities currently restricted?

While Google has not confirmed whether any of these flaws are being actively exploited in the wild, the presence of numerous memory-related bugs significantly heightens the risk. Attackers regularly target such weaknesses using malicious sites, exploit kits, or compromised advertising networks.

To minimize exposure, Google has intentionally restricted public access to the technical details of these vulnerabilities until a majority of users have updated their browsers. This preventative approach stops attackers from reverse-engineering the patches to develop exploits before systems are secured.

What actions should individual users and enterprises take right now?

Users are strongly urged to update their Chrome browser to the latest version immediately to safeguard against potential exploits. Although automatic updates are typically enabled by default, you can manually force an update by navigating to the Chrome settings menu.

For enterprises, prioritizing patch deployment across all corporate endpoints is essential to reduce the attack surface and prevent potential intrusions. Staying informed through the latest security bulletins and swiftly applying software updates remain cornerstone practices of modern cybersecurity strategies.

Solutions to build a “digital shield” for enterprises

With deep expertise in digital infrastructure and information security, IPSIP Vietnam provides professional consulting and managed services, helping businesses maintain seamless workflow continuity even when global technology ecosystems experience unexpected technical disruptions.

IPSIP Vietnam's management and monitoring systems have successfully passed the most rigorous audits to achieve top international information security certifications, including ISO 27001:2022 and SOC 2 Type II.

By providing 24/7 non-stop core services - such as the Security Operations Center (SOC), Network Operations Center (NOC), and a dedicated, on-duty IT Support/Helpdesk team - IPSIP commits to directly responding to and intercepting any intrusion attempts, day or night. Partnering with these leading technical minds will help businesses completely eliminate legal and compliance risks, freeing up valuable resources to focus entirely on growth objectives.