CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 12, 2026

Google Patches 28 Chrome Vulnerabilities that Allow Attackers to Execute Malicious Code

Cybersecurity News Archived Jun 12, 2026 ✓ Full text saved

Google has released a new Chrome security update addressing 28 vulnerabilities, including several critical flaws that could allow attackers to execute malicious code on affected systems. The latest Stable channel update upgrades Chrome to version 149.0.7827.114/.115 on Windows and macOS, and to 149.0.7827.114 on Linux. The rollout is being deployed gradually and is expected to […] The post Google Patches 28 Chrome Vulnerabilities that Allow Attackers to Execute Malicious Code appeared first on C

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Google Patches 28 Chrome Vulnerabilities that Allow Attackers to Execute Malicious Code By Abinaya June 12, 2026 Google has released a new Chrome security update addressing 28 vulnerabilities, including several critical flaws that could allow attackers to execute malicious code on affected systems. The latest Stable channel update upgrades Chrome to version 149.0.7827.114/.115 on Windows and macOS, and to 149.0.7827.114 on Linux. The rollout is being deployed gradually and is expected to reach users over the coming days and weeks. Google has also published a detailed changelog outlining all modifications included in this release. Critical Vulnerabilities Enable Code Execution Among the most serious issues patched are multiple critical memory-corruption vulnerabilities. These include several use-after-free flaws in core components, including Core, DigitalCredentials, and WebMIDI, identified as CVE-2026-12007, CVE-2026-12008, and CVE-2026-12011. Such vulnerabilities occur when memory is improperly managed, allowing attackers to manipulate freed memory regions. Google also addressed a critical heap buffer overflow vulnerability in the GPU component, tracked as CVE-2026-12010, along with an insufficient validation of untrusted input issue in the Accessibility component, identified as CVE-2026-12009. These flaws could be exploited by convincing users to visit specially crafted web pages, potentially enabling arbitrary code execution and leading to full system compromise. In addition to the critical vulnerabilities, the update resolves numerous high-severity issues affecting a wide range of Chrome components. Several of these involve use-after-free vulnerabilities across Network, Media, Autofill, GPU, Video, and Views modules. These bugs can lead to memory corruption and are often leveraged in exploit chains. Other high-severity issues include out-of-bounds read and write vulnerabilities in components such as Codecs, Video, and VideoCapture, which could allow attackers to access or manipulate memory in unintended ways. A heap buffer overflow vulnerability in the GPU component further increases the risk of exploitation. The update also fixes multiple instances of insufficient validation of untrusted input in DevTools, Extensions, Network, and Linux Toolkit Theming. In addition, Google addressed improper policy enforcement issues in DevTools and Headless mode, as well as a race condition vulnerability in Safe Browsing. These weaknesses could potentially be abused to bypass security restrictions or interfere with browser protections. Although Google has not confirmed whether these vulnerabilities are being actively exploited in the wild, the presence of multiple memory-related flaws significantly raises the likelihood of exploitation. Attackers frequently target such vulnerabilities through malicious websites, exploit kits, or compromised advertising networks. To minimize risk, Google has restricted access to detailed vulnerability information until a majority of users have installed the update. This approach helps prevent attackers from analyzing patches to develop exploits before systems are secured. Google credited both internal security teams and external researchers for identifying and reporting these vulnerabilities. The company also emphasized the role of advanced detection tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL in discovering and mitigating security flaws during development. Users are strongly encouraged to update Chrome immediately to the latest version to protect against potential threats. While automatic updates are typically enabled, users can manually verify their browser version through the Chrome settings panel. Organizations should prioritize patch deployment across all systems to reduce exposure and prevent possible exploitation. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News OpenClaw AI Agent Leaks Sensitive Credentials in New Phishing Attack Simulation Critical Veeam Vulnerability Allows RCE Attacks on Backup Servers Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters SAP Security Patch Day – Critical Vulnerabilities in SAP NetWeaver Patched Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials Latest News Cyber Security News Palo Alto PAN-OS Vulnerability Allows Attackers to Execute Arbitrary Commands as Root User Cyber Security Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data Cyber Attack News Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters Cyber Security CISA Requires Federal Agencies to Patch Critical Vulnerabilities Within 3 Days Cyber Security News OceanLotus APT Compromises FireAnt MetaKit in Supply-Chain Attack on Stock Investors
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 12, 2026
    Archived
    Jun 12, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗