Google has shipped another whopper browser security update: Chrome 150 closes 382 vulnerabilities, including 15 rated critical and 67 high. The stable-channel release rolled out in late June 2026 for Windows, macOS, Linux, Android, and iOS — and security reporters are urging users not to wait for the next version.
SecurityWeek notes Google discovered 358 of the 382 flaws internally — a surge analysts tie partly to scaled fuzzing and AI-assisted review — while external researchers still contributed high-impact findings. Google has not reported in-the-wild exploitation for this batch at release time, but the flaw count alone makes rapid patching a baseline control for any firm that handles client data in the browser.
Official release notes: Google Chrome Releases
Patch Summary
| Metric | Count |
|---|---|
| Total vulnerabilities fixed | 382 |
| Critical | 15 |
| High | 67 |
| Medium | 169 |
| Low | 131 |
| Found by Google internally | 358 |
| Confirmed exploited in the wild (at release) | 0 |
Updated Builds
| Platform | Version |
|---|---|
| Windows | 150.0.7871.46 / 150.0.7871.47 |
| macOS | 150.0.7871.46 / 150.0.7871.47 |
| Linux | 150.0.7871.46 |
| Android | Chrome 150 (same security fixes) |
| iOS | Chrome 150 (earlier rollout) |
| Extended Stable (Win/macOS) | Updated Chromium base |
Check your version at chrome://settings/help. Chrome usually auto-updates within days; managed environments should verify MDM/Google Workspace policies are not pinning an older build.
How to Update Chrome
Target version: 150.0.7871.46 or newer (.47 on some Windows/macOS builds).
Windows, macOS, and Linux (desktop)
| Step | Action |
|---|---|
| 1 | Open Google Chrome |
| 2 | Click the three-dot menu (⋮) → Help → About Google Chrome |
| 3 | Or paste chrome://settings/help in the address bar and press Enter |
| 4 | Chrome checks for updates automatically — wait for “Updating Chrome…” to finish |
| 5 | Click Relaunch when prompted (save open tabs first if needed) |
| 6 | Confirm the version shows 150.0.7871.46 or higher |
macOS shortcut: With Chrome in the foreground, menu bar → Chrome → About Google Chrome.
Linux (Debian/Ubuntu): If the in-browser updater does not run, use your package manager after Google publishes the repo build, or download the latest .deb / .rpm from google.com/chrome.
Android
| Step | Action |
|---|---|
| 1 | Open Google Play Store |
| 2 | Tap your profile icon → Manage apps & device → Updates available |
| 3 | Find Chrome and tap Update (or Update all) |
| 4 | Open Chrome → ⋮ → Settings → About Chrome to verify version 150 |
iPhone and iPad
| Step | Action |
|---|---|
| 1 | Open the App Store |
| 2 | Tap your profile icon → scroll to pending updates |
| 3 | Tap Update next to Chrome, or Update All |
| 4 | In Chrome, go to ⋮ → Settings → Google Chrome → About to confirm 150 |
Managed / enterprise fleets
| Environment | What to do |
|---|---|
| Google Workspace | Admin console → Devices → Chrome → verify Auto-update policy and target version |
| Microsoft Intune | Confirm Google Chrome app deployment ring is not blocking stable-channel updates |
| Jamf / macOS MDM | Push latest Chrome PKG or confirm self-update is allowed |
| Stuck on old build? | Download only from google.com/chrome or chrome.google.com — never from pop-up ads or email links |
Do not trust search ads, email attachments, or random “Chrome Update Required” pages — chrome.google.com scores only 31% on our domain audit and is a common phishing target.
Critical Flaw Themes
Most critical issues are memory-safety bugs in high-privilege browser subsystems — the same classes that historically enable renderer compromise, sandbox escape, and remote code execution when a user visits malicious web content.
| CVE (sample) | Component | Bug class |
|---|---|---|
| CVE-2026-13774 | Extensions | Use-after-free |
| CVE-2026-13775 | GPU | Use-after-free |
| CVE-2026-13776 | Dawn (WebGPU) | Type confusion |
| CVE-2026-13778 | WebUSB | Use-after-free |
| CVE-2026-13779 | Chromoting | Use-after-free |
| CVE-2026-13782 | Browser | Use-after-free |
| CVE-2026-13783 / 13784 | Views | Use-after-free |
| CVE-2026-13785 | Bluetooth | Use-after-free |
| CVE-2026-13786 | Ozone | Use-after-free |
| CVE-2026-13788 | Fullscreen | Use-after-free |
Additional classes patched across the full set include out-of-bounds access, incorrect security UI, uninitialized use, and insufficient input validation — spanning ANGLE, Skia, Dawn, iOSWeb, and other core rendering stacks.

Why This Matters for Business
| Risk | Real-world impact |
|---|---|
| Unpatched browser on attorney/CPA workstation | Malicious legal-filing or portal page can compromise the session holding trust-account or tax data |
| BYOD without forced updates | Personal laptops become the weak link in an otherwise patched fleet |
| Chromium derivatives lagging | Edge, Brave, Opera, and embedded WebView apps may need separate vendor advisories |
| Extension-heavy workflows | Critical Extensions use-after-free (CVE-2026-13774) raises stakes for unmanaged add-ons |
This release follows Chrome 148’s 151-fix cycle in May 2026 — evidence that browser patching is now a weekly operational task, not a quarterly chore.

Independent Domain Security Audits — July 8, 2026
We scanned domains users rely on to obtain legitimate Chrome updates. 100% is the ideal score for domain security.
| Organization | Domain | Overall | Identity | Transport | Website | Risk |
|---|---|---|---|---|---|---|
| google.com | 52% | 50% | 70% | 45% | Average | |
| Chrome download portal | chrome.google.com | 31% | 0% | 45% | 45% | Weak |
| Chromium open-source project | chromium.org | 46% | 10% | 15% | 70% | Below Average |
Key findings:
- chrome.google.com at 31% overall — 0% Identity on our probe; a frequent phishing impersonation target for fake “update Chrome” pages.
- chromium.org at 15% Transport — weak MTA-STS/TLS-RPT posture despite being a developer reference site.
- google.com leads the set at 52% but remains far below the 100% ideal for a vendor distributing security-critical software.
Attackers routinely abuse Chrome-update urgency in malicious extension campaigns and streaming scams — verify downloads only from official Google properties, not search ads or pop-ups.
Audit links:
Priority Actions
- Confirm Chrome 150.0.7871.46+ on every managed endpoint within 48 hours.
- Force update through Google Workspace / Intune / Jamf if auto-update is delayed.
- Audit Chromium-based browsers separately — they do not all patch on Google’s schedule.
- Restrict extensions to an allowlist; remove unused add-ons (critical Extensions CVE in this release).
- Document browser baseline in your SB 2610 or client cyber questionnaire files.
See How to Update Chrome above for Windows, Mac, Linux, Android, and iOS steps.
Run a free scan at audit.emailmenow.com — paid unlock adds remediation evidence for insurance and compliance reviews.
Related Reading
- Chrome 148 patches 151 vulnerabilities
- Malicious Adblock for YouTube extension
- Secure Boot certificate expiry
- Five Eyes AI cyberattack warning
Sources: SecurityWeek · Google Chrome Releases · Digital Citizen — Chrome 150 · Cybersecurity News