Chrome 149 Update Resolves 18 Severe Vulnerabilities
Security WeekArchived Jun 25, 2026✓ Full text saved
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution. The post Chrome 149 Update Resolves 18 Severe Vulnerabilities appeared first on SecurityWeek .
Full text archived locally
✦ AI Summary· Claude Sonnet
Google on Wednesday rolled out a new Chrome 149 update that resolves 18 vulnerabilities, including four critical and 14 high-severity security defects.
More than half of the addressed issues, including three critical and seven high-severity, are use-after-free flaws, a type of memory corruption bug that could lead to remote code execution (RCE).
In Chrome, use-after-free vulnerabilities can be combined with security holes in the underlying operating system or in a privileged browser process to escape the sandbox.
The remaining eight issues patched in this update are out-of-bounds read, inappropriate implementation, uninitialized use, and insufficient validation of untrusted input bugs.
Per Google’s advisory, the most severe of the flaws was reported by an anonymous researcher. The company has yet to disclose the bug bounty amount to be rewarded for the report.
The remaining 17 security defects were discovered by Google, a trend that has been ongoing for the past couple of months, likely fueled by the use of AI.
Also notable is the fact that, following a spike in new vulnerability discoveries in April and May, which culminated in a massive batch of 429 patches in early June, the number of fresh security weaknesses addressed with each new Chrome release has dropped into the lower two digits.
Google makes no mention of any of the newly resolved vulnerabilities being exploited in the wild.
The latest Chrome iteration is now rolling out as versions 149.0.7827.196/197 for Windows and macOS and as version 149.0.7827.196 for Linux.
Related: Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk
Related: Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities
Related: Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
Related: Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking
WRITTEN BY
Ionut Arghire
Ionut Arghire is an international correspondent for SecurityWeek.
More from Ionut Arghire
New ‘Mistic’ RAT Opens Door to Several Ransomware Families
Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking
BeyondTrust, LastPass Impacted by Klue-Salesforce Incident
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances
OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery
Russian Initial Access Broker Behind FortiBleed Campaign
Canadian Electricity Provider London Hydro Discloses Data Breach
Latest News
Cisco SD-WAN Zero-Day Exploited Months Before Patching
When Information Becomes the Attack Surface – Understanding AI Agent Traps
Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware
Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk
macOS Weaknesses Chained to Silently Disable Endpoint Security Agents
Third DraftKings Hacker Sentenced to 18 Months in Prison
Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed
Trending
Webinar: How Modern Breaches Bypass MFA And Evade Detection
June 17, 2026
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
Register
Webinar: Modern Exposure Validation In The AI Era
June 24, 2026
AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
Register
People on the Move
Fable Security has appointed Jacob Berry as Chief Information Security Officer.
iCOUNTER has named Ali Waezzadah as Chief Information Security Officer.
Roger Hale has joined 1Kosmos as Chief Information Security Officer.
More People On The Move
Expert Insights
When Information Becomes The Attack Surface – Understanding AI Agent Traps
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor)
What The Latest ShinyHunters Breaches Reveal About Modern Cyberattacks
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George)
No Exploits Required
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley)
After AI Reaches Production: 12 Ways Security Teams Can Take Control
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb)
Everybody Is Vibe Coding But Nobody Told The Security Team
AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au)
Flipboard
Reddit
Whatsapp
Email