Google this week promoted Chrome 149 to the stable channel with patches for 429 vulnerabilities, a record for a single Chrome refresh.
Already exceeding several times the total number of Chrome security fixes released in 2025, the surge in Chrome flaws is likely driven by AI use, which led Google to lower Chrome bug bounties in April.
Over 100 of the newly resolved security defects are critical and high-severity issues, most of which are use-after-free and insufficient validation of untrusted input flaws.
The most severe of the bugs is CVE-2026-10881 (CVSS score of 9.6), an out-of-bounds read and write weakness in the ANGLE graphics engine.
Remote attackers could exploit the vulnerability to escape Chrome’s sandbox via crafted HTML pages, potentially achieving code execution on the underlying operating system.
