Back to news
Cybersecurity Alert
July 8, 2026 by EmailMeNow IT Consulting

Chrome 150 Patches 382 Vulnerabilities Including 15 Critical Flaws — Update Now

Google's Chrome 150 stable update fixes 382 security flaws — 15 critical, 67 high — across Extensions, GPU, WebUSB, and Browser components. Audits score google.com at 52% and chrome.google.com at 31%, both below the 100% domain security ideal.

Source: Google Chrome Releases / SecurityWeek

NewsGoogle ChromeVulnerability DisclosureBrowser SecurityCVECybersecurity
Google Chrome 150 security update patching 382 vulnerabilities including 15 critical browser flaws

Google has shipped another whopper browser security update: Chrome 150 closes 382 vulnerabilities, including 15 rated critical and 67 high. The stable-channel release rolled out in late June 2026 for Windows, macOS, Linux, Android, and iOS — and security reporters are urging users not to wait for the next version.

SecurityWeek notes Google discovered 358 of the 382 flaws internally — a surge analysts tie partly to scaled fuzzing and AI-assisted review — while external researchers still contributed high-impact findings. Google has not reported in-the-wild exploitation for this batch at release time, but the flaw count alone makes rapid patching a baseline control for any firm that handles client data in the browser.

Official release notes: Google Chrome Releases

Patch Summary

MetricCount
Total vulnerabilities fixed382
Critical15
High67
Medium169
Low131
Found by Google internally358
Confirmed exploited in the wild (at release)0

Updated Builds

PlatformVersion
Windows150.0.7871.46 / 150.0.7871.47
macOS150.0.7871.46 / 150.0.7871.47
Linux150.0.7871.46
AndroidChrome 150 (same security fixes)
iOSChrome 150 (earlier rollout)
Extended Stable (Win/macOS)Updated Chromium base

Check your version at chrome://settings/help. Chrome usually auto-updates within days; managed environments should verify MDM/Google Workspace policies are not pinning an older build.

How to Update Chrome

Target version: 150.0.7871.46 or newer (.47 on some Windows/macOS builds).

Windows, macOS, and Linux (desktop)

StepAction
1Open Google Chrome
2Click the three-dot menu (⋮) → HelpAbout Google Chrome
3Or paste chrome://settings/help in the address bar and press Enter
4Chrome checks for updates automatically — wait for “Updating Chrome…” to finish
5Click Relaunch when prompted (save open tabs first if needed)
6Confirm the version shows 150.0.7871.46 or higher

macOS shortcut: With Chrome in the foreground, menu bar → ChromeAbout Google Chrome.

Linux (Debian/Ubuntu): If the in-browser updater does not run, use your package manager after Google publishes the repo build, or download the latest .deb / .rpm from google.com/chrome.

Android

StepAction
1Open Google Play Store
2Tap your profile iconManage apps & deviceUpdates available
3Find Chrome and tap Update (or Update all)
4Open Chrome → SettingsAbout Chrome to verify version 150

iPhone and iPad

StepAction
1Open the App Store
2Tap your profile icon → scroll to pending updates
3Tap Update next to Chrome, or Update All
4In Chrome, go to SettingsGoogle ChromeAbout to confirm 150

Managed / enterprise fleets

EnvironmentWhat to do
Google WorkspaceAdmin console → DevicesChrome → verify Auto-update policy and target version
Microsoft IntuneConfirm Google Chrome app deployment ring is not blocking stable-channel updates
Jamf / macOS MDMPush latest Chrome PKG or confirm self-update is allowed
Stuck on old build?Download only from google.com/chrome or chrome.google.com — never from pop-up ads or email links

Do not trust search ads, email attachments, or random “Chrome Update Required” pages — chrome.google.com scores only 31% on our domain audit and is a common phishing target.

Critical Flaw Themes

Most critical issues are memory-safety bugs in high-privilege browser subsystems — the same classes that historically enable renderer compromise, sandbox escape, and remote code execution when a user visits malicious web content.

CVE (sample)ComponentBug class
CVE-2026-13774ExtensionsUse-after-free
CVE-2026-13775GPUUse-after-free
CVE-2026-13776Dawn (WebGPU)Type confusion
CVE-2026-13778WebUSBUse-after-free
CVE-2026-13779ChromotingUse-after-free
CVE-2026-13782BrowserUse-after-free
CVE-2026-13783 / 13784ViewsUse-after-free
CVE-2026-13785BluetoothUse-after-free
CVE-2026-13786OzoneUse-after-free
CVE-2026-13788FullscreenUse-after-free

Additional classes patched across the full set include out-of-bounds access, incorrect security UI, uninitialized use, and insufficient input validation — spanning ANGLE, Skia, Dawn, iOSWeb, and other core rendering stacks.

Illustration: Chrome browser update prompt on a corporate laptop with critical vulnerability counter overlay

Why This Matters for Business

RiskReal-world impact
Unpatched browser on attorney/CPA workstationMalicious legal-filing or portal page can compromise the session holding trust-account or tax data
BYOD without forced updatesPersonal laptops become the weak link in an otherwise patched fleet
Chromium derivatives laggingEdge, Brave, Opera, and embedded WebView apps may need separate vendor advisories
Extension-heavy workflowsCritical Extensions use-after-free (CVE-2026-13774) raises stakes for unmanaged add-ons

This release follows Chrome 148’s 151-fix cycle in May 2026 — evidence that browser patching is now a weekly operational task, not a quarterly chore.

Illustration: IT administrator reviewing Chrome version compliance dashboard across Windows and Mac endpoints

Independent Domain Security Audits — July 8, 2026

We scanned domains users rely on to obtain legitimate Chrome updates. 100% is the ideal score for domain security.

OrganizationDomainOverallIdentityTransportWebsiteRisk
Googlegoogle.com52%50%70%45%Average
Chrome download portalchrome.google.com31%0%45%45%Weak
Chromium open-source projectchromium.org46%10%15%70%Below Average

Key findings:

  • chrome.google.com at 31% overall0% Identity on our probe; a frequent phishing impersonation target for fake “update Chrome” pages.
  • chromium.org at 15% Transport — weak MTA-STS/TLS-RPT posture despite being a developer reference site.
  • google.com leads the set at 52% but remains far below the 100% ideal for a vendor distributing security-critical software.

Attackers routinely abuse Chrome-update urgency in malicious extension campaigns and streaming scams — verify downloads only from official Google properties, not search ads or pop-ups.

Audit links:

Priority Actions

  1. Confirm Chrome 150.0.7871.46+ on every managed endpoint within 48 hours.
  2. Force update through Google Workspace / Intune / Jamf if auto-update is delayed.
  3. Audit Chromium-based browsers separately — they do not all patch on Google’s schedule.
  4. Restrict extensions to an allowlist; remove unused add-ons (critical Extensions CVE in this release).
  5. Document browser baseline in your SB 2610 or client cyber questionnaire files.

See How to Update Chrome above for Windows, Mac, Linux, Android, and iOS steps.

Run a free scan at audit.emailmenow.com — paid unlock adds remediation evidence for insurance and compliance reviews.


Sources: SecurityWeek · Google Chrome Releases · Digital Citizen — Chrome 150 · Cybersecurity News