Jump to content
  • Latest Google Chrome update fixes 7 vulnerabilities, including 3 critical ones


    Karlston

    • 20 views
    • 3 minutes
     Share


    • 20 views
    • 3 minutes

    Google Chrome stable version 150.0.7871.128/.129 for Windows and Mac and 150.0.7871.128 for Linux fixes 7 high-level vulnerabilities.

    Google has released a new Chrome Stable update, version 150.0.7871.128/.129 for Windows and Mac and 150.0.7871.128 for Linux, rolling out over the coming days and weeks. The update patches seven security vulnerabilities, including three rated critical, most of them use-after-free flaws found internally by Google.

     

    Here's the full changelog:

     

    • [N/A][516987782] Critical CVE-2026-15899: Use after free in CameraCapture. Reported by Google on 2026-05-27
    • [N/A][523750584] Critical CVE-2026-15900: Use after free in GPU. Reported by Google on 2026-06-14
    • [N/A][533446300] Critical CVE-2026-15901: Use after free in Network. Reported by Google on 2026-07-10
    • [N/A][522436154] High CVE-2026-15902: Use after free in Cast. Reported by Google on 2026-06-10
    • [TBD][531503216] High CVE-2026-15903: Out of bounds read and write in V8. Reported by OpenAI Codex Security (amyb) on 2026-07-06
    • [N/A][532925350] High CVE-2026-15904: Use after free in Ozone. Reported by Google on 2026-07-09
    • [N/A][532970574] High CVE-2026-15905: Use after free in Aura. Reported by Google on 2026-07-09

     

    We still don't have enough details on these critical flaws. As part of its standard security practice, Google keeps access to these reports restricted until the majority of users have installed the latest update, to prevent hacker from potentially reverse-engineering exploits.

     

    All but one of the reported vulnerabilities are the use-after-free type. Use-after-free flaws happen when a program keeps using a piece of memory after it's already been freed up for something else. If an attacker manages to get their own data loaded into that freed memory before the program reads from it again, they can potentially corrupt the program's execution or slip in code of their own, rather than just cause a crash.

     

    This is why this class of bug tends to draw so much attention from threat actors. And also why it often shows up in components like the GPU process, where async operations and constant buffer, texture, and image management create plenty of openings for this kind of bug to slip through.

     

    Users are strongly advised to update their browsers immediately. To update your Google Chrome version, go to Help > About Google Chrome and check for updates. You can check the full changelog, and eventually access the bug reports once Google makes them available to the public here.

     

    Source

     


    Hope you enjoyed this news post. Feedback welcome.

    Posted Saturday 18 July 2026 at 7:18 am AEST (my time).

    News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of June) 2,475

    RIP Matrix


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...