Chrome users have another big security update waiting, and this one is not just routine browser housekeeping.
Google has released a Chrome update to address 382 security bugs across desktop and mobile platforms, including Critical and High-severity flaws tied to sandbox escape and code execution risks. Google has not reported active exploitation, but users and IT teams still need to install the update and restart Chrome before the fixes take effect.
The update also shows why browser patching now belongs near the top of the endpoint security checklist, especially for organizations managing Chrome across employee devices.
Chrome update rolls out across desktop and mobile
According to Malwarebytes, the stable channel has been updated to 150.0.7871.46/.47 on Windows and Mac, 150.0.7871.46 on Linux, and 150.0.7871.63 on Android.
Google will roll out the update over the coming days and weeks, but users can trigger it manually by opening the Chrome menu and going to Settings > About Chrome.
Among the 382 security fixes, Malwarebytes said that Google found 358 internally through tools such as “fuzzing” and “code sanitizers”. The firm rated 15 of the issues as ‘critical’ because they could allow an attacker to execute arbitrary code outside of Chrome’s sandbox.
One High-severity flaw stands out: CVE-2026-13789, a use-after-free issue in Chrome’s GPU component. Malwarebytes quoted the official description: “Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.”
Forbes reported that the update follows another large Chrome release that fixed 429 security bugs a month earlier. The report also linked the faster pace of security releases across Google, Apple, and Microsoft to a changing patching environment, in which defenders can use AI tools to find flaws more quickly, while attackers may use similar tools to hunt for exploit paths.
Why browser updates deserve urgency
A browser flaw can become more dangerous when attackers chain it with another weakness. A sandbox escape is especially serious because Chrome’s sandbox is supposed to keep malicious activity contained inside the browser.
Malwarebytes explained the risk this way: “Vulnerabilities that allow an attacker to escape the sandbox — which means it can impact the whole device — are valuable if you can chain them with others.”
According to Mallory.ai, the patched bugs span Chrome components, including Extensions, GPU, WebUSB, Browser, Bluetooth, Chromoting, WebGPU, ANGLE, Skia, Fullscreen, and iOSWeb. The issues include use-after-free, type confusion, out-of-bounds access, uninitialized use, and insufficient validation of untrusted input.
Mallory.ai also noted that several vulnerabilities could be triggered through crafted web content and, in some cases, lead to renderer compromise, heap corruption, sandbox escape, or code execution on the underlying system. Google said it had no evidence of in-the-wild exploitation at the time of release.
The rollout still needs attention
For individual users, the advice is simple: update Chrome and restart the browser. The update may not fully apply until Chrome relaunches.
For IT teams, the work goes further.
Admins should verify that managed Chrome installations have been updated to the fixed versions, especially on devices where users keep their browsers open for days or weeks. They should also monitor Chromium-based browsers, since related projects may need their own updates after Chrome patches land.
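The check described above can be scripted against a fleet inventory. The Python below is an added example, not code from Google, Malwarebytes or this article's sources; the inventory rows, host names and the installed/running fields are constructed, and it assumes the lower of the two Windows/Mac builds listed above is the minimum fixed version.

```python
# Minimum fixed stable builds per platform, taken from the versions quoted above.
# Assumption: for Windows/Mac the lower build of the ".46/.47" pair is the floor.
FIXED = {
    "windows": "150.0.7871.46",
    "mac": "150.0.7871.46",
    "linux": "150.0.7871.46",
    "android": "150.0.7871.63",
}

def parse(version):
    """Turn 'a.b.c.d' into a tuple of ints so builds compare numerically
    (as strings, '...7871.100' would wrongly sort below '...7871.46')."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {version!r}")
    return tuple(int(p) for p in parts)

def classify(platform, installed, running=None):
    """Return 'patched', 'restart-pending', 'vulnerable', or an error label.
    installed = version on disk; running = version of the live browser process
    (hypothetical inventory fields; omit running if it is not collected)."""
    floor = FIXED.get(platform.lower())
    if floor is None:
        return "unknown-platform"
    try:
        inst = parse(installed)
        run = parse(running) if running else inst
    except ValueError:
        return "unparseable"
    if inst < parse(floor):
        return "vulnerable"        # update has not been installed yet
    if run < parse(floor):
        return "restart-pending"   # update is on disk, old build still running
    return "patched"

# Constructed sample inventory: (host, platform, installed, running)
INVENTORY = [
    ("fin-01", "windows", "150.0.7871.47", "150.0.7871.47"),
    ("dev-07", "linux", "150.0.7871.46", "149.0.7000.10"),
    ("mob-12", "android", "150.0.7871.46", None),
    ("lab-03", "mac", "150.0.7871.100", None),  # constructed later build
    ("kiosk-9", "windows", "unknown", None),
]

def audit(rows):
    return {host: classify(p, inst, run) for host, p, inst, run in rows}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as restart-pending are the ones where users have kept the browser open since the update landed.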
No active exploitation has been reported, which gives teams some breathing room. Still, with hundreds of Chrome flaws now addressed, including issues tied to sandbox escape and crafted web content, organizations should treat this as a security update that needs follow-through.