Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws
Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws
Chrome users have 30 new reasons to restart their browser.
Google has just released a massive security overhaul for Chrome, patching 30 different vulnerabilities in a single go. The update, which brings the browser to version 147.0.7727.137/138, addresses four Critical flaws that could allow hackers to take control of your computer.
Most of the vulnerabilities Google fixed this week fall into a category called “Use-After-Free” (UAF), which basically means the browser is getting confused about how it handles its own memory.
When Chrome frees up the memory it’s using, a UAF bug allows a malicious website to sneak back into that same spot and run its own commands. If a hacker successfully pulls this off, they could bypass Chrome’s security sandbox, the digital wall meant to keep websites from touching your actual files, and run malware directly on your system.
Of the 30 fixes, four are rated as Critical, the highest possible risk level. These bugs affected everything from how the browser draws graphics (Canvas) to how it handles accessibility features for users with disabilities.
Because these bugs are so dangerous, Google is playing its cards close to its chest. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.” Google wrote in its Chrome Release blog.
Independent researchers who helped find these flaws are being rewarded handsomely. One researcher, known as heapracer, snagged $7,000 for reporting CVE-2026-7363, a critical flaw in the Canvas component. Another anonymous researcher received $16,000 for a high-severity bug in the GPU (graphics) system.
The update potentially affects Chrome’s global user base, estimated at more than 3.5 billion people.
Firefox is also feeling the heat
Google isn’t the only one working overtime.
Mozilla has released Firefox 150.0.1 to address its own set of memory safety issues. “Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code,” according to the Mozilla Foundation Security Advisory.
The Firefox update also fixes an “information disclosure” bug in the audio/video component that could have accidentally leaked private data to unintended recipients.
Must-read security coverage
How to stay safe
While there’s no evidence that hackers are actively using these specific bugs to attack people yet, the window of safety is closing fast. Now that the fixes are public, bad actors can study them to figure out how to attack people who haven’t updated yet.
What you should do:
- Chrome users: Go to Help > About Google Chrome. If an update is ready, it will download automatically. You must restart the browser to finish the process.
- Firefox users: Go to Help > About Firefox to ensure you are on version 150.0.1 or higher.
- Android/iOS users: Check your respective app stores for the latest version of Chrome to ensure your mobile browsing is just as secure as your desktop.
The safest move is simple: update now, then restart the browser. Security patches only protect users once they are installed, and browser flaws can become more dangerous once attackers have time to reverse-engineer the fixes.
In other Google news: The tech giant and Kaggle’s free AI agents course returns June 15, with vibe coding lessons, live sessions, and a hands-on capstone project.
About Author
