New Chrome Update Fixes 382 Security Bugs Across Desktop, Mobile

New Chrome Update Fixes 382 Security Bugs Across Desktop, Mobile

New Chrome Update Fixes 382 Security Bugs Across Desktop, Mobile

Image generated via Google’s Nano Banana

Google released a Chrome update addressing 382 security bugs, including sandbox-escape risks. Users and IT teams should update quickly.

Written By
Kezia Jungco
Kezia Jungco
Jul 2, 2026

Chrome users have another big security update waiting, and this one is not just routine browser housekeeping.

Google has released a Chrome update to address 382 security bugs across desktop and mobile platforms, including Critical and High-severity flaws tied to sandbox escape and code execution risks. Google has not reported active exploitation, but users and IT teams still need to install the update and restart Chrome before the fixes take effect.

The update also shows why browser patching now belongs near the top of the endpoint security checklist, especially for organizations managing Chrome across employee devices.

Chrome update rolls out across desktop and mobile

According to Malwarebytes, the stable channel has been updated to 150.0.7871.46/.47 on Windows and Mac, 150.0.7871.46 on Linux, and 150.0.7871.63 on Android.

Google will roll out the update over the coming days and weeks, but users can trigger it manually by opening the Chrome menu and going to Settings > About Chrome.

Among the 382 security fixes, Malwarebytes said that Google found 358 internally through tools such as “’fuzzing” and “code sanitizers”. The firm rated 15 of the issues as ‘critical’ because they could allow an attacker to execute arbitrary code outside of Chrome’s sandbox.

One High-severity flaw stands out: CVE-2026-13789, a use-after-free issue in Chrome’s GPU component. Malwarebytes quoted the official description: “Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”

Forbes reported that the update follows another large Chrome release that fixed 429 security bugs a month earlier. The report also linked the faster pace of security releases across Google, Apple, and Microsoft to a changing patching environment, in which defenders can use AI tools to find flaws more quickly, while attackers may use similar tools to hunt for exploit paths.

Why browser updates deserve urgency

A browser flaw can become more dangerous when attackers chain it with another weakness. A sandbox escape is especially serious because Chrome’s sandbox is supposed to keep malicious activity contained inside the browser.

Malwarebytes explained the risk this way: “Vulnerabilities that allow an attacker to escape the sandbox — which means it can impact the whole device — are valuable if you can chain them with others.”

According to Mallory.ai, the patched bugs span Chrome components, including Extensions, GPU, WebUSB, Browser, Bluetooth, Chromoting, WebGPU, ANGLE, Skia, Fullscreen, and iOSWeb. The issues include use-after-free, type confusion, out-of-bounds access, uninitialized use, and insufficient validation of untrusted input.

Mallory.ai also noted that several vulnerabilities could be triggered through crafted web content and, in some cases, lead to renderer compromise, heap corruption, sandbox escape, or code execution on the underlying system. Google said it had no evidence of in-the-wild exploitation at the time of release.

Advertisement

More Google coverage

The rollout still needs attention

For individual users, the advice is simple: update Chrome and restart the browser. The update may not fully apply until Chrome relaunches.

For IT teams, the work goes further.

Admins should verify that managed Chrome installations have been updated to the fixed versions, especially on devices where users keep their browsers open for days or weeks. They should also monitor Chromium-based browsers, since related projects may need their own updates after Chrome patches land.

No active exploitation has been reported, which gives teams some breathing room. Still, with hundreds of Chrome flaws now addressed, including issues tied to sandbox escape and crafted web content, organizations should treat this as a security update that needs follow-through.

For another recent Google security update, read Google Patches Android Zero-Day Vulnerability in June 2026 Security Update.

Kezia Jungco

Kezia Jungco is a technology writer and researcher specializing in artificial intelligence, data analytics, CRM software, cloud infrastructure, cybersecurity, and emerging business technologies. With more than five years of experience evaluating software platforms and technology solutions, she helps business leaders understand the tools and trends shaping the future of work. Kezia has extensive hands-on experience testing and analyzing generative AI platforms, chatbots, natural language processing (NLP) tools, CRM systems, and business software. Her work focuses on translating complex technologies into practical insights that help organizations make informed decisions about technology adoption, operational efficiency, and digital transformation. As a staff writer for TechnologyAdvice, Kezia covers AI innovation, business applications of machine learning, data-driven technologies, cloud computing, cybersecurity, and sales technology. Her background in journalism, research, and education enables her to combine rigorous analysis with clear, accessible reporting for both enterprise and consumer audiences. Kezia holds a bachelor's degree in Development Communication with a major in Development Journalism from the University of the Philippines Los Baños. She has also completed professional training in artificial intelligence, data privacy, and information security. Her work has been featured in TechnologyAdvice, TechRepublic, eWeek, Datamation, and Selling Signals, where she helps readers navigate a rapidly evolving technology landscape with practical, research-driven guidance.