Chrome needs another whopper update to fix 382 security bugs
If there was ever a time when it dawned on users how full of holes the software they’ve been 2026-7-1 11:40:49 Author: www.malwarebytes.com(查看原文) 阅读量:2 收藏

If there was ever a time when it dawned on users how full of holes the software they’ve been using is, it’s now. Last month Microsoft pushed out its biggest patch Tuesday update ever. And yesterday, on the last day of June, Google published an update which included a whopping 382 security fixes.

The stable channel has been updated to 150.0.7871.46/.47 for Windows and Mac, 150.0.7871.46 for Linux, and 150.0.7871.63 for Android. The update will roll out over the coming days and weeks.

How to update Chrome

If you don’t want to wait for the rollout to reach you, manually updating is easy.

The easiest option is to allow Chrome to update automatically. But you can end up lagging behind on updates if you never close your browser or if something goes wrong, such as an extension preventing the update.

To update manually, click the More menu (three dots), then go to Settings > About Chrome. If an update is available, Chrome will start downloading it automatically. Restart Chrome to complete the update, and you’ll be protected against these vulnerabilities.

Chrome 150.0.7871.47 is up to date
Chrome 150.0.7871.47 is up to date

You can find an explanation of the version numbering system and step-by-step instructions in our guide to how to update Chrome on every operating system.

Technical details

Among the 382 security fixes are 358 found by Google itself, with 15 of those are rated as Critical. Google rates them as Critical severity because they could allow an attacker to run arbitrary code outside the browser’s sandbox, which makes it the highest tier on its rating scale. So, it’s reassuring that Google found these before anyone else did. Because apparently not all bug hunters believe in responsible disclosure.

Google uses internal code sanitizer tools and fuzzing techniques to find these vulnerabilities. It probably also helps that it is on the list of companies that are allowed to use advanced AI platforms to help them find these vulnerabilities.

One vulnerability rated as High stands out. It’s a flaw tracked as CVE-2026-13789. The official description is:

 “Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”

Vulnerabilities that allow an attacker to escape the sandbox—which means it can impact the whole device—are valuable if you can chain them with others. The browser sandbox is a restricted, sealed-off environment that is supposed to contain any malicious activity within the browser rather than directly on your whole computer. So a sandbox escape is dangerous because it can help attackers move from “something bad happened inside the browser” to “something bad can affect the wider system.”

Use-after-free is a class of vulnerability caused by incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can abuse that mistake by causing a crash in a program or make it run code it should not run.

In Chromium/Chrome architecture, the term GPU usually denotes the dedicated GPU process that handles hardware-accelerated rendering, compositing, WebGL, video decode, and related graphics operations.

Via a crafted HTML page means it could exploit a target’s device through a malicious website, an HTML email, or an embedded HTML document.

So, again, update as soon as you can. Users of other Chromium browsers, keep an eye out for your next update.


Stop threats before they can do any harm.

Malwarebytes Browser Guard blocks phishing pages and malicious sites automatically. Free, one click to install. Add it to your browser →

About the author

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.


文章来源: https://www.malwarebytes.com/blog/bugs/2026/07/chrome-needs-another-whopper-update-to-fix-382-security-fixes
如有侵权请联系:admin#unsafe.sh