Google has issued a “whopper” update fixing 382 issues in its popular Chrome browser. It comes after Google squashed 429 Chrome security bugs a month previously in its biggest ever update.

This Chrome update might not be quite as large, but it’s close and a sign of things to come. Apple released iOS 26.5.2 this week in an overhaul of its patch cycle aiming to get updates to users earlier.

It comes after Microsoft’s biggest patch Tuesday ever, which saw 206 vulnerability fixes, including three zero day flaws.

The increased velocity of security releases by Google, Apple and Microsoft is driven by artificial intelligence, which is being used by defenders to find flaws in software. There are also fears that AI bug hunting tools can be used by adversaries to find ways to exploit vulnerabilities, making patching more important than ever.

About The 382 Chrome Security Fixes

Google doesn’t provide much detail about what’s fixed in Chrome 150, to allow users time to update before attackers can get hold of the details. But 20 of the Chrome security fixes are deemed to have a critical impact, including a number of use after free vulnerabilities.

“Google rates them as critical severity because they could allow an attacker to run arbitrary code outside the browser’s sandbox, which makes it the highest tier on its rating scale,” Peter Arntz, malware intelligence researcher at security firm Malwarebytes wrote in a blog.

Arntz, who calls the Chrome update “whopping,” believes one vulnerability rated as high stands out — a use after free flaw in GPU tracked as CVE-2026-13789, which allows a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

“Vulnerabilities that allow an attacker to escape the sandbox — which means it can impact the whole device — are valuable if you can chain them with others,” Arntz writes. “The browser sandbox is a restricted, sealed-off environment that is supposed to contain any malicious activity within the browser rather than directly on your whole computer. So a sandbox escape is dangerous because it can help attackers move from ‘something bad happened inside the browser’ to ‘something bad can affect the wider system’.”

Around 80 of the flaws are rated as high, with the remainder given a medium or low rating.

Why You Should Update Now To Chrome 150

None of the flaws fixed in this whopper Chrome update have been used in attacks, yet. But the sheer number of vulnerabilities is concerning, especially given they can be chained together to perform attacks.

The stable channel has been updated to 150.0.7871.46/.47 for Windows and Mac, 150.0.7871.46 for Linux, and 150.0.7871.63 for Android. Google says the update will roll out over the coming days and weeks, but updating manually is sensible and easy. Go to the More menu > Settings > About Chrome and check for the update now.

Share.
Exit mobile version