Google has released Chrome version 149, addressing a total of 429 security vulnerabilities, including 22 rated as critical. This update underscores the company’s ongoing commitment to user safety and the integrity of its widely used web browser.
**Scope of the Update**
The Chrome 149 update is substantial, with 429 security flaws rectified. Among these, 22 have been assigned a Common Vulnerability Scoring System (CVSS) severity rating of critical, indicating their potential to cause significant harm if exploited. Notably, these vulnerabilities were identified by Google’s internal security team and external researchers, emphasizing the collaborative effort in enhancing browser security.
**Details of Critical Vulnerabilities**
The 22 critical vulnerabilities span various components of Chrome, including:
– **GPU Component**: An out-of-bounds write vulnerability (CVE-2026-9872) that could allow attackers to execute arbitrary code.
– **Network Module**: A use-after-free issue (CVE-2026-9873) potentially leading to code execution.
– **WebGL**: Multiple vulnerabilities, including an out-of-bounds read (CVE-2026-9875) and a use-after-free (CVE-2026-9876), both of which could be exploited for arbitrary code execution.
– **ANGLE (Almost Native Graphics Layer Engine)**: Several critical flaws, such as use-after-free issues (CVE-2026-9877, CVE-2026-9878) and an out-of-bounds write (CVE-2026-9879), posing significant security risks.
– **Bluetooth**: A use-after-free vulnerability (CVE-2026-9881) that could be exploited to execute arbitrary code.
– **Base Component**: Multiple use-after-free issues (CVE-2026-9883, CVE-2026-9886) affecting the browser’s foundational elements.
– **Browser Core**: A use-after-free vulnerability (CVE-2026-9884) that could lead to code execution.
– **User Interface (UI)**: An insufficient validation of untrusted input (CVE-2026-9885) that might allow attackers to execute arbitrary code.
– **Proxy**: A use-after-free issue (CVE-2026-9887) potentially leading to code execution.
– **WebView**: A use-after-free vulnerability (CVE-2026-9888) that could be exploited for arbitrary code execution.
– **Dawn (WebGPU Implementation)**: An out-of-bounds read and write issue (CVE-2026-9889) posing significant security risks.
– **XR (Extended Reality)**: A use-after-free vulnerability (CVE-2026-9890) that could be exploited to execute arbitrary code.
– **Extensions**: A use-after-free issue (CVE-2026-9891) affecting browser extensions.
– **Skia (Graphics Library)**: An inappropriate implementation (CVE-2026-9892) and a use-after-free vulnerability (CVE-2026-9893) that could be exploited for arbitrary code execution.
These vulnerabilities were discovered through Google’s internal security audits and external bug bounty programs, highlighting the importance of proactive security measures.
**Security Bounty Rewards**
Google has recognized the efforts of security researchers by awarding substantial bounty payments for the responsible disclosure of certain vulnerabilities. For instance, CVE-2026-9872 and CVE-2026-9873 each earned a reward of $43,000, while CVE-2026-9874 and CVE-2026-9875 received $11,000 and $5,000, respectively. These rewards underscore Google’s commitment to fostering a collaborative approach to cybersecurity.
**Update Availability and Installation**
The Chrome 149 update is being rolled out to users across Windows, Mac, and Linux platforms. To ensure your browser is up to date and secure, follow these steps:
1. Click on the three-dot menu in the top-right corner of Chrome.
2. Navigate to “Help” and select “About Google Chrome.”
3. The browser will automatically check for updates and prompt you to restart Chrome to apply the new version.
By promptly updating, users can protect themselves from potential exploits targeting these vulnerabilities.
**Conclusion**
The release of Chrome 149, addressing 429 security vulnerabilities including 22 critical ones, reflects Google’s ongoing dedication to enhancing browser security. Users are strongly encouraged to update their browsers immediately to benefit from these crucial security patches.
This article is AI-generated content. Please verify the information independently before taking any action based on this article.
