Cybersecurity NewsArchived Jun 08, 2026✓ Full text saved
Chrome users should treat the latest stable update as an urgent security priority, with Google patching 429 vulnerabilities, including 22 rated critical, in Chrome 149.0.7827.53 across Windows, macOS, Linux and Chrome for iOS. Google has promoted Chrome 149.0.7827.53 to the stable channel with one of the largest security patch bundles seen in a single release […] The post Chrome Patches 429 Vulnerabilities Including 22 Critical Ones – Update Now! appeared first on Cyber Security News .
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeChrome
Chrome Patches 429 Vulnerabilities Including 22 Critical Ones – Update Now!
By Abinaya
June 8, 2026
Chrome users should treat the latest stable update as an urgent security priority, with Google patching 429 vulnerabilities, including 22 rated critical, in Chrome 149.0.7827.53 across Windows, macOS, Linux and Chrome for iOS.
Google has promoted Chrome 149.0.7827.53 to the stable channel with one of the largest security patch bundles seen in a single release cycle, covering 429 distinct vulnerabilities.
The fixes span the browser engine, graphics and GPU layers, media pipeline, UI, networking stack and Chrome‑specific features such as Autofill, Password Manager, DevTools, WebView and Chrome for iOS.
As usual, Google is limiting access to detailed issue descriptions and bug tracker entries until most users have updated, to reduce the likelihood of threat actors weaponizing them.
This release targets desktop builds on Windows, Mac and Linux, alongside coordinated fixes for Chrome on iOS, Chromecast and other ecosystem components that share core code.
For enterprises, the update represents a broad hardening step across multiple devices, where Chrome is often the first line of defense against untrusted web content, SaaS apps, and cloud control planes.
Chrome Patches 429 Vulnerabilities
Of the 429 bugs, 22 are classified as critical, many of which are rooted in memory‑safety defects in graphics, GPU, and core browser components.
These include out‑of‑bounds read and write issues in ANGLE (such as CVE‑2026‑10881 and CVE‑2026‑10883) and a stack buffer overflow in the GPU stack (CVE‑2026‑10898).
Multiple use‑after‑free conditions across Network, Chromecast, Cast Streaming, Chromoting, Printing, FileSystem, GFX, Ozone and Chrome for iOS.
Such flaws are prime candidates for remote code execution, sandbox escape, and privilege escalation when combined with weaknesses in the renderer or JavaScript engine.
The presence of several critical issues affecting Chrome for iOS and casting components also raises the risk profile for users and organizations that rely on Chrome in multi‑device workflows, meeting rooms and hybrid work environments.
Beyond the critical set, Google has addressed a substantial number of high‑severity vulnerabilities, many of which are directly reachable from web content.
These include type confusion and implementation bugs in V8, use-after-free in WebRTC, Network, WebAuthentication, Audio, UI, and FileSystem, as well as integer overflows in Dawn, DevTools, Media, and V8.
Collectively, they provide building blocks for exploit chains that can pivot from browser compromise into persistence or lateral movement inside enterprise networks.
Hundreds of medium‑severity issues focus on insufficient validation of untrusted input, policy bypasses, uninitialized use, and incorrect security UI.
CVE ID Component Bug class
CVE‑2026‑10881 ANGLE Out‑of‑bounds read/write
CVE‑2026‑10882 Network Use‑after‑free
CVE‑2026‑10883 ANGLE Out‑of‑bounds write
CVE‑2026‑10884 Chromecast Use‑after‑free
CVE‑2026‑10885 Chrome for iOS Use‑after‑free
CVE‑2026‑10886 FileSystem Use‑after‑free
CVE‑2026‑10887 Chromoting Use‑after‑free
CVE‑2026‑10888 Cast Streaming Use‑after‑free
CVE‑2026‑10889 ANGLE Out‑of‑bounds read
CVE‑2026‑10890 Cast Use‑after‑free
CVE‑2026‑10891 GFX Use‑after‑free
CVE‑2026‑10892 GPU Out‑of‑bounds write
CVE‑2026‑10893 Chromoting Use‑after‑free
CVE‑2026‑10894 Printing Use‑after‑free
CVE‑2026‑10895 Ozone Use‑after‑free
CVE‑2026‑10896 Chrome for iOS Use‑after‑free
CVE‑2026‑10897 GPU Out‑of‑bounds write
CVE‑2026‑10898 GPU Stack buffer overflow
CVE‑2026‑10899 Ozone Use‑after‑free
CVE‑2026‑10900 Passwords Use‑after‑free
CVE‑2026‑10901 Passwords Use‑after‑free
CVE‑2026‑10902 Ozone Use‑after‑free
Data‑handling weaknesses in components such as Password Manager, WebView, CSS, SVG, USB, GPU, WebRTC, Safe Browsing, and others.
While individually less severe, these bugs align well with modern tracking and exploitation techniques, from leaking sensitive state to bypassing consent prompts or eroding isolation boundaries in complex deployments.
The update also delivers numerous low‑severity fixes in peripheral but important components, including TabStrip, Navigation, DevTools, Content Settings, Safe Browsing, Extensions, Enterprise features and various UI elements.
These issues often relate to incorrect security UI, insufficient policy enforcement and subtle edge‑case behavior that, if left unpatched, could still be abused in targeted scenarios or combined with higher‑impact bugs.
Google credits a broad community of independent researchers, academic labs and internal teams, emphasizing the role of sanitizers and fuzzing frameworks such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer and AFL in surfacing many of the memory‑safety defects.
Even with this proactive detection, the sheer volume of vulnerabilities in this release underlines the ongoing intensity of browser security work and the importance of timely patch adoption.
Given the concentration of critical and high‑severity vulnerabilities in components such as ANGLE, GPU, Network, Password Manager, WebRTC, and Chrome for iOS, organizations and end users should prioritize deploying Chrome 149.0.7827.x without delay.
Security teams should enforce automatic updates wherever possible, push the new build fleet‑wide through management tooling, verify coverage, and prepare to track any exploitation attempts tied to these CVEs once full technical details are made public.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Microsoft 365 Service Degradation Bypassed Windows Driver Auto-Update Controls
OWASP Releases AI Security Report to Empower Security Professionals with New Tools
Hackers Use Meta’s AI Bot to Reset Passwords and Hijack Instagram Accounts
Hola Browser for Windows Delivery Pipeline Compromised to Deliver Cryptominer
Attackers Abuse AWS, Google Cloud, Cloudflare, and Microsoft Services to Hide Malicious Traffic
Latest News
Cyber Security News
Internet Explorer WebBrowser Control Attack Chain Turns Clicks Into RCE
Cyber Security News
Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts
Cyber Security News
UniFi OS Server Critical RCE Chain Allows Root Access Without Credentials
Cyber Security News
Critical Redis RCE Vulnerability Enable Attackers to Gain Complete Control to Host Server
Cyber Security News
Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams