Skip to content
Vulnerabilities

Chrome Update Patches 382 Vulnerabilities Including 15 Critical One’s that Enables Code Execution Attacks

Chrome 151’s latest stable-channel update delivers patches for 382 security vulnerabilities, including 15 critical bugs that can be weaponized for remote code execution and full browser compromise if left unpatched. Google is rolling this update out for Windows, macOS, Linux, and Chrome for iOS, wit...

· Jul 01, 2026 · 4 min read · 👁 1 views
Chrome Update Patches 382 Vulnerabilities Including 15 Critical One’s that Enables Code Execution Attacks

Chrome 151’s latest stable-channel update delivers patches for 382 security vulnerabilities, including 15 critical bugs that can be weaponized for remote code execution and full browser compromise if left unpatched.

Google is rolling this update out for Windows, macOS, Linux, and Chrome for iOS, with security fixes spanning almost every core component of the browser stack.

According to Google’s release notes, Chrome 151 (with desktop build 150.0.7871.46) includes 382 distinct security fixes covered under the Chrome Vulnerability Rewards Program.

Bug details remain partially restricted until the majority of users receive the update, in line with Google’s standard coordinated disclosure process.

The patch set addresses vulnerabilities ranging from critical remote code-execution issues to low‑severity UI and policy-enforcement flaws affecting web, graphics, casting, networking, and iOS-specific components.

Many of these bugs were identified internally by Google using modern memory‑safety tooling such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, and fuzzing frameworks.

2026 Microsoft Vulnerabilities Report

Download Free Microsoft Vulnerabilities Report 2026
– A The latest Microsoft Vulnerabilities data, analyzed.

Download Now

Chrome Update Patches 382 Vulnerabilities

Google classifies 15 of the fixed vulnerabilities as critical, with most described as “use after free” issues in high‑risk components such as Extensions, GPU, WebUSB, Browser, Views, Bluetooth, Chromoting, and Ozone.

These memory‑corruption flaws can often be chained to achieve arbitrary code execution in the browser or underlying OS context when a user visits a maliciously crafted page or interacts with attacker‑controlled content.

The critical set also includes type confusion and insufficient validation of untrusted input in rendering and graphics subsystems such as Dawn, ANGLE, and Skia, as well as in iOSWeb’s input handling.

Exploiting these bugs could allow attackers to bypass sandbox boundaries, trigger heap corruption, or hijack control flow, greatly increasing the risk of drive‑by compromise scenarios.

Beyond the 15 critical issues, Google fixed a large number of high‑severity vulnerabilities across areas such as Chromecast, QUIC, Updater, SVG, Chrome for iOS, Safe Browsing, Accessibility, Canvas, File Input, and enterprise‑focused features.

Many of these are also use‑after‑free, heap buffer overflow, integer overflow, or insufficient policy enforcement issues that can facilitate information disclosure, privilege escalation, or sandbox escape in realistic attack chains.

The update further addresses hundreds of medium‑severity flaws touching Web Authentication, WebHID, WebXR, DevTools, Autofill, Passwords, PDF, Codecs, Fonts, and various UI components.

While individually less impactful, these bugs collectively expand Chrome’s attack surface and can be chained with other vulnerabilities to improve exploit reliability or bypass security prompts and indicators.

Google also ships dozens of low‑severity fixes focused on incorrect security UI, policy bypasses, and insufficient validation in components such as SplitView, WebXR, Network, WebNN, Chrome for iOS, TabStrip, Storage, GamepadAPI, History Embeddings, and newer AI- and credential‑related features.

These issues often contribute to user deception, inconsistent security states, or subtle sandbox and permission bypasses rather than direct code execution.

CVE IDComponentRoot cause / bug classReported byReport date
CVE-2026-13774ExtensionsUse after free in ExtensionsGoogle2026-04-26
CVE-2026-13775GPUUse after free in GPUGoogle2026-05-10
CVE-2026-13776DawnType confusion in DawnGoogle2026-05-14
CVE-2026-13777iOSWebInsufficient validation of untrusted input in iOSWebGoogle2026-05-14
CVE-2026-13778WebUSBUse after free in WebUSBGoogle2026-05-14
CVE-2026-13779ChromotingUse after free in ChromotingGoogle2026-05-14
CVE-2026-13780ANGLEInsufficient validation of untrusted input in ANGLEGoogle2026-05-19
CVE-2026-13781SkiaInsufficient validation of untrusted input in SkiaGoogle2026-05-25
CVE-2026-13782BrowserUse after free in BrowserGoogle2026-05-26
CVE-2026-13783ViewsUse after free in ViewsGoogle2026-05-27
CVE-2026-13784ViewsUse after free in ViewsGoogle2026-05-27
CVE-2026-13785BluetoothUse after free in BluetoothGoogle2026-05-27
CVE-2026-13786OzoneUse after free in OzoneGoogle2026-05-29
CVE-2026-13787ChromotingUse after free in ChromotingGoogle2026-06-11
CVE-2026-13788FullscreenUse after free in FullscreenGoogle2026-06-12

Although categorized as low severity, such weaknesses are important for overall browser hardening, especially when targeted by sophisticated threat actors who rely on multi‑bug exploitation chains and social engineering.

Google credits numerous external researchers and partners, alongside its internal teams, for reporting these issues during the Chrome 151 development cycle.

Google recommends that all users update to the latest Chrome 151 stable release as soon as possible to mitigate the risk of code execution attacks based on these vulnerabilities.

For enterprises, security teams should prioritize testing and rolling out Chrome 151 across managed fleets, paying particular attention to environments that rely heavily on extensions, remote desktop (Chromoting), WebUSB, WebXR, Chromecast, and Chrome for iOS.

Organizations should also review their browser security baselines, including extension governance, site isolation policies, Safe Browsing settings, and OS‑level exploit mitigations to ensure that they complement the protections introduced in this update.

Where possible, enabling automatic updates and monitoring Chrome’s security advisory channels can help reduce exposure windows to similar large‑scale vulnerability batches in future releases.

Source: CybersecurityNews.com

Follow ShomoySoft for more: Follow on Facebook

💬 Comments (0)

Login to join the discussion.

No comments yet. Be the first!

Recommended for you