Update Chrome now to patch 382 security bugs, 15 critical

Google has shipped one of its largest Chrome security updates ever, fixing 382 vulnerabilities in a single release just weeks after Microsoft pushed its own record-breaking Patch Tuesday. Fifteen of the flaws are rated Critical, meaning they could let an attacker run code outside the browser's protective sandbox, so users should update without delay.

What is fixed

The stable channel moves to 150.0.7871.46/.47 for Windows and Mac, 150.0.7871.46 for Linux, and 150.0.7871.63 for Android, rolling out over the coming days and weeks. As flagged by Malwarebytes Labs, Google found 358 of the issues itself using internal code sanitizers and fuzzing. One High-severity bug stands out: CVE-2026-13789, a use-after-free in Chrome's GPU process that a remote attacker who had already compromised the renderer could chain into a sandbox escape via a crafted web page.

Why it matters

A use-after-free happens when a program keeps using memory it has already freed, which an attacker can manipulate to crash the browser or make it run code it should not. The sandbox is the sealed-off space that is supposed to keep malicious web content from touching the rest of your device, so a sandbox escape is what turns "something bad happened in a tab" into "something bad happened on the machine." Attackers prize these bugs because they can be chained with others into full compromise, which is why Chrome sandbox flaws keep recurring, as in a recent round of critical WebGL sandbox-escape patches and repeated Chrome zero-days exploited in the wild.

What you should do

Open the three-dot menu, go to Settings then About Chrome, let it download the update, and restart the browser to apply it. Do not assume auto-update has you covered if you rarely close the browser. Users of other Chromium-based browsers such as Edge, Brave, and Opera should install their next update as soon as it lands.

This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.

Read the full analysis on IntelFusions