Google Rolls Out Chrome 149 Update to Fix 18 Security Flaws

Google has released version 149 of its Chrome browser, delivering an important security update that resolves 18 vulnerabilities, including several rated as critical. The company is urging users to install the latest version as soon as it becomes available or manually update their browsers to receive the protections immediately.

Among the most significant fixes are 10 “use after free” vulnerabilities, a type of memory corruption flaw that occurs when software attempts to access memory that has already been released. Such weaknesses can potentially allow attackers to seize control of affected systems, steal sensitive information, or trigger browser crashes.

Three of the patched “use after free” vulnerabilities have been classified as critical. Two of them, identified as CVE-2026-13028 and CVE-2026-13029, affect Chrome’s Web Graphics Library (WebGL), the JavaScript API used to render interactive 2D and 3D graphics within the browser. Another critical issue, tracked as CVE-2026-13038, impacts Chrome’s Autofill feature.

Google also addressed a critical out-of-bounds read vulnerability in Blink>InterestGroups, tracked as CVE-2026-13033. In addition, the update fixes CVE-2026-13035, a high-severity “use after free” flaw affecting Bluetooth, along with CVE-2026-13034, a high-impact inappropriate implementation issue in Chrome’s Passwords component. Two additional inappropriate implementation vulnerabilities with high severity ratings were also resolved.

The Stable channel has been updated to version 149.0.7827.196/197 for Windows and Mac, while Linux users will receive version 149.0.7827.196. Google said the rollout will continue over the coming days and weeks, although users can manually check for updates instead of waiting for the automatic deployment.

To reduce the risk of attackers developing exploits before most users are protected, Google is temporarily limiting access to detailed information about the vulnerabilities. The company said, “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

Although Google has not reported any evidence that the vulnerabilities addressed in Chrome 149 are being actively exploited, the company recommends updating the browser promptly to ensure systems are protected against potential threats.