The report highlights that according to Google, none of the patched vulnerabilities have been exploited in the wild yet. In the fresh Chrome versions 149.0.7827.53/54 for Windows and macOS, and 149.0.7827.53 for Linux, the developers have fixed more than 400 vulnerabilities, some of which are critical.
In a fresh development, google is clearly following the pattern of turning integrated PDF viewers into small PDF editors. With Chrome 149, you can not only fill in PDF files online, but now also annotate and sign them. This has been available in Firefox for some time. The browser’s own “What’s Recent” page lists fresh functions in the PDF viewer as the only innovation.
In a fresh development, however, neither of these fresh functions is available yet (or at least not for everyone). Chrome was supposed to have implemented the option to arrange tabs vertically rather than horizontally in April, and Reading Mode is set to become more immersive by filling the entire browser window rather than just half of a split view.
Industry observers note that you can manually check for updates via the menu item Help → About Google Chrome (or Settings → About Google Chrome). Chrome usually updates automatically when a fresh version is available.
According to the latest update, the Android version addresses the same vulnerabilities as the desktop versions. The Extended Stable Channel for Windows and macOS now includes Chromium version 148.0.7778.254. Google also dropped Chrome for Android 149.0.7827.59 this week, having already dropped Chrome for iOS 149.0.7827.45 last week.
Industry observers note that the drop of Chrome 150 is expected at the end of June.
As part of the ongoing story, specialised “AI” tools (such as Google Big Sleep) are likely to have played a significant role in the dramatic increase in vulnerabilities found. Google states that it discovered 371 of these vulnerabilities itself; the remainder were detected and reported by external security researchers. To date, Google has awarded these researchers a total of $209,000 in bounties. In the Chrome Launches blog post, Srinivas Sista lists 429 security vulnerabilities fixed just two days after the patch was unveiled—far more than ever before.
Industry observers note that the majority of the vulnerabilities classified as critical are use-after-free (UAF) vulnerabilities in various components, such as the WebGL library Angle. A further 87 vulnerabilities are classified as high risk. Of the remaining vulnerabilities, 226 are considered medium risk and 94 low risk. Twenty-two of the vulnerabilities are classified as critical: CVE-2026-10881 to CVE-2026-10902.
In a fresh development, the WebGL library Angle accounts for the most resolved security vulnerabilities, with 37, followed by the extension interface and media handling, each with 18 vulnerabilities patched. If we add the errors in codecs, media handling accounts for 28 patched security vulnerabilities. In total, use-after-free vulnerabilities account for the largest share with 110 instances, followed by “insufficient validation” of inputs with 88, and “inappropriate implementation” with 60 vulnerabilities.
As part of the ongoing story, check out our picks for the best antivirus programs for Windows as well as best VPN services to stay ahead of security problems. Tip: Whether you keep your browser up to date, you need proper antivirus protections if you want your PC to remain secure and private.
In a fresh development, this article originally appeared on our sister publication PC-WELT and was translated and localized from German.
In a fresh development, his main topics are IT security (malware, antivirus, security gaps) and Internet technology. Frank Ziemann has been working as a freelance author for sister site PC-WELT since 2005, writing news and test reports.