{"id":13995,"date":"2026-07-01T10:03:41","date_gmt":"2026-07-01T10:03:41","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/07\/01\/chrome-update-fixes-382-vulnerabilities-including-15-critical-ones-update-now\/"},"modified":"2026-07-01T10:03:41","modified_gmt":"2026-07-01T10:03:41","slug":"chrome-update-fixes-382-vulnerabilities-including-15-critical-ones-update-now","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/07\/01\/chrome-update-fixes-382-vulnerabilities-including-15-critical-ones-update-now\/","title":{"rendered":"Chrome Update Fixes 382 Vulnerabilities, Including 15 Critical Ones \u2013 Update Now!"},"content":{"rendered":"<p>    Chrome Update Fixes 382 Vulnerabilities, Including 15 Critical Ones \u2013 Update Now!<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">Chrome 151\u2019s latest stable-channel update delivers patches for 382 security vulnerabilities, including 15 critical bugs that can be weaponized for remote code execution and full browser compromise if left unpatched.<\/p>\n<p class=\"wp-block-paragraph\">Google is rolling this update out for Windows, macOS, Linux, and Chrome for iOS, with security fixes spanning almost every core component of the browser stack.<\/p>\n<p class=\"wp-block-paragraph\">According to Google\u2019s release notes, Chrome 151 (with desktop build 150.0.7871.46) includes 382 distinct security fixes covered under the <a href=\"https:\/\/cybersecuritynews.com\/googles-bug-bounty-program-high-reward\/\" target=\"_blank\" rel=\"noreferrer noopener\">Chrome Vulnerability Rewards Program<\/a>.<\/p>\n<p class=\"wp-block-paragraph\">Bug details remain partially restricted until the majority of users receive the update, in line with Google\u2019s standard coordinated disclosure process.<\/p>\n<p class=\"wp-block-paragraph\">The patch set addresses vulnerabilities ranging from critical remote 
code-execution issues to low\u2011severity UI and policy-enforcement flaws affecting web, graphics, casting, networking, and iOS-specific components.<\/p>\n<p class=\"wp-block-paragraph\">Many of these bugs were identified internally by Google using modern memory\u2011safety tooling such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, and fuzzing frameworks.<\/p>\n<h2 id=\"h-chrome-update-patches-382-vulnerabilities\" class=\"wp-block-heading\"><strong>Chrome Update Patches 382 Vulnerabilities<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">Google classifies 15 of the fixed vulnerabilities as critical, with most described as \u201c<a href=\"https:\/\/cybersecuritynews.com\/google-chrome-use-after-free-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">use after free<\/a>\u201d issues in high\u2011risk components such as Extensions, GPU, WebUSB, Browser, Views, Bluetooth, Chromoting, and Ozone.<\/p>\n<p class=\"wp-block-paragraph\">These memory\u2011corruption flaws can often be chained to achieve arbitrary code execution in the browser or underlying OS context when a user visits a maliciously crafted page or interacts with attacker\u2011controlled content.<\/p>\n<p class=\"wp-block-paragraph\">The critical set also includes type confusion and insufficient validation of untrusted input in rendering and graphics subsystems such as <a href=\"https:\/\/cybersecuritynews.com\/chrome-security-update-patches-26-vulnerabilities\/\" target=\"_blank\" rel=\"noreferrer noopener\">Dawn, ANGLE, and Skia<\/a>, as well as in iOSWeb\u2019s input handling.<\/p>\n<p class=\"wp-block-paragraph\">Exploiting these bugs could allow attackers to bypass sandbox boundaries, trigger heap corruption, or hijack control flow, greatly increasing the risk of drive\u2011by compromise scenarios.<\/p>\n<p class=\"wp-block-paragraph\">Beyond the 15 critical issues, <a 
href=\"https:\/\/chromereleases.googleblog.com\/2026\/06\/stable-channel-update-for-desktop_0175352312.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google fixed a large number of high\u2011severity vulnerabilities<\/a> across areas such as Chromecast, QUIC, Updater, SVG, Chrome for iOS, Safe Browsing, Accessibility, Canvas, File Input, and enterprise\u2011focused features.<\/p>\n<p class=\"wp-block-paragraph\">Many of these are also use\u2011after\u2011free, heap buffer overflow, integer overflow, or insufficient policy enforcement issues that can facilitate information disclosure, privilege escalation, or sandbox escape in realistic attack chains.<\/p>\n<p class=\"wp-block-paragraph\">The update further addresses hundreds of medium\u2011severity flaws touching Web Authentication, WebHID, WebXR, DevTools, Autofill, Passwords, PDF, Codecs, Fonts, and various UI components.<\/p>\n<p class=\"wp-block-paragraph\">While individually less impactful, these bugs collectively expand Chrome\u2019s attack surface and can be chained with other vulnerabilities to improve exploit reliability or bypass security prompts and indicators.<\/p>\n<p class=\"wp-block-paragraph\">Google also ships dozens of low\u2011severity fixes focused on incorrect security UI, policy bypasses, and insufficient validation in components such as SplitView, WebXR, Network, WebNN, Chrome for iOS, TabStrip, Storage, GamepadAPI, History Embeddings, and newer AI- and credential\u2011related features.<\/p>\n<p class=\"wp-block-paragraph\">These issues often contribute to user deception, inconsistent security states, or subtle sandbox and permission bypasses rather than direct code execution.<\/p>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">CVE ID<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Component<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Root 
cause \/ bug class<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Reported by<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Report date<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13774<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Extensions<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in Extensions<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-04-26<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13775<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">GPU<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in GPU<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-10<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13776<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Dawn<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Type confusion in Dawn<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-14<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13777<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">iOSWeb<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Insufficient validation of untrusted input in iOSWeb<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-14<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13778<\/strong><\/td>\n<td class=\"has-text-align-left\" 
data-align=\"left\">WebUSB<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in WebUSB<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-14<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13779<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Chromoting<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in Chromoting<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-14<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13780<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">ANGLE<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Insufficient validation of untrusted input in ANGLE<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-19<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13781<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Skia<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Insufficient validation of untrusted input in Skia<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-25<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13782<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Browser<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in Browser<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-26<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" 
data-align=\"left\"><strong>CVE-2026-13783<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Views<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in Views<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-27<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13784<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Views<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in Views<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-27<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13785<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Bluetooth<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in Bluetooth<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-27<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13786<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Ozone<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in Ozone<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-05-29<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13787<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Chromoting<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in Chromoting<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-06-11<\/td>\n<\/tr>\n<tr>\n<td 
class=\"has-text-align-left\" data-align=\"left\"><strong>CVE-2026-13788<\/strong><\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Fullscreen<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Use after free in Fullscreen<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Google<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">2026-06-12<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p class=\"wp-block-paragraph\">Although categorized as low severity, such weaknesses are important for overall browser hardening, especially when targeted by sophisticated threat actors who rely on <a href=\"https:\/\/cybersecuritynews.com\/google-publishes-chromium-exploit-code\/\" target=\"_blank\" rel=\"noreferrer noopener\">multi\u2011bug exploitation<\/a> chains and social engineering.<\/p>\n<p class=\"wp-block-paragraph\">Google credits numerous external researchers and partners, alongside its internal teams, for reporting these issues during the Chrome 151 development cycle.<\/p>\n<h2 id=\"h-mitigations\" class=\"wp-block-heading\"><strong>Mitigations<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">Google recommends that all users update to the latest <a href=\"https:\/\/cybersecuritynews.com\/151-chrome-vulnerabilities-patched\/\" target=\"_blank\" rel=\"noreferrer noopener\">Chrome 151 stable release<\/a> as soon as possible to mitigate the risk of code execution attacks based on these vulnerabilities.<\/p>\n<p class=\"wp-block-paragraph\">For enterprises, security teams should prioritize testing and rolling out Chrome 151 across managed fleets, paying particular attention to environments that rely heavily on extensions, remote desktop (Chromoting), WebUSB, WebXR, Chromecast, and Chrome for iOS.<\/p>\n<p class=\"wp-block-paragraph\">Organizations should also review their browser security baselines, including extension governance, site isolation policies, Safe Browsing settings, and OS\u2011level exploit mitigations to ensure 
that they complement the protections introduced in this update.<\/p>\n<p class=\"wp-block-paragraph\">Where possible, enabling automatic updates and monitoring Chrome\u2019s security advisory channels can help reduce exposure windows to similar large\u2011scale vulnerability batches in future releases.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/chrome-update-fixes-382-vulnerabilities\/\">Chrome Update Fixes 382 Vulnerabilities, Including 15 Critical Ones \u2013 Update Now!<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/chrome-update-fixes-382-vulnerabilities\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chrome Update Fixes 382 Vulnerabilities, Including 15 Critical Ones \u2013 Update Now! Chrome 151\u2019s latest stable-channel update delivers patches for 382 security vulnerabilities, including 15 critical bugs that can be weaponized for remote code execution and full browser compromise if left unpatched. 
Google is rolling this update out for Windows, macOS, Linux, and Chrome for [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[768,129,63,648],"tags":[130],"class_list":["post-13995","post","type-post","status-publish","format-standard","hentry","category-chrome","category-cyber-security","category-cyber-security-news","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13995"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=13995"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13995\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=13995"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=13995"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=13995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}