Google has issued an update for its popular Chrome bowser, fixing 18 vulnerabilities, many of which are serious.
Google doesn’t provide much detail of what’s fixed in the Chrome 149 update, to give users as much time to update before attackers can get hold of the details. But it does say that 10 of the bugs squashed in the latest Chrome update are use after free flaws — which are a memory corruption issues where a program tries to access memory that has already been freed. This can allow attackers to take control, steal data or crash systems.
While the latest Chrome update includes a substantial list of fixes, the volume is much lower than the tech giant has seen in recent months. In April and May, Google discovered a significant number of vulnerabilities, with 429 patches issued at the start of June.
Google said the Stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and 149.0.7827.196 for Linux, which will roll out over the coming days and weeks. However, you can manually update rather than waiting, to stay on the safe side, as Forbes contributor Davey Winder explains.
Access to bug details and links may be kept restricted until a majority of users are updated with a fix, Google noted in its blog. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” it said.
Chrome 149 fixes three use after free vulnerabilities rated as critical. The first two, tracked as CVE-2026-13028 and CVE-2026-13028, fix issues in the Chrome Web Graphics Library, a JavaScript API for rendering interactive 2D and 3D graphics within a browser.
Tracked as CVE-2026-13038, the other critical use after free bug found by Google researchers impacts Chrome’s Autofill capability.
Meanwhile, Google also fixed a critical out of bounds read issue in Blink>InterestGroups tracked as CVE-2026-13033.
Another bug patched in the Chrome 149 update is CVE-2026-13035, a use after free bug in Bluetooth given a high impact rating. CVE-2026-13034 is inappropriate implementation issue in Passwords reported by Google and rated as having a high impact. Google also fixed two other inappropriate implementation vulnerabilities both rated as having a high impact.
Google does not say that any of the issues fixed in Chrome 149 have been used in attacks, yet. Even so, it’s a good idea to update as soon as you can, if the rollout has not reached you yet.
