Google Chrome 149 security update fixes 429 vulnerabilities.LightRocket via Getty ImagesThe impact on Google Chrome’s security from advances in AI continues to be felt, and the latest browser update shows just how hard the AI vulnerability detection shockwave is hitting. The latest update, which takes Chrome to version 149.0.7827.53/54, includes no less than 429 security vulnerabilities, of which 22 are replete with a Common Vulnerabilities and Exposures severity rating of critical. While some of these were discovered and disclosed by external security researchers, or bug bounty hunters if you prefer, the vast majority are credited to Google itself. There can be no doubt that Google’s internal security AI tooling is uncovering previously hidden security issues at some pace.The good news is that these security vulnerabilities have all been fixed with the release of Chrome 149.0.7827.53/54 on the Linux, Mac and Windows platforms, and none are known to have been used by attackers, so-called zero day exploits, before the update disclosure. The Chrome update will be heading your way soon, but you can manually force the update to be on the safe side, and I will explain how in a moment.ForbesNew Android 14, 15 And 16 Update Fixes Actively Exploited Security FlawBy Davey WinderGoogle Chrome Fixes 22 Critical Security Vulnerabilities, $209,000 In Bounties Awarded To ResearchersSecurity researchers continue to do good work uncovering hidden security vulnerabilities within the Chrome codebase, and some will use AI to help with their discoveries. They will also, however, use their experience and technical skills to provide proof of concepts for these discoveries. That such bug bounty prowess is not dead yet comes in the fact that these human hackers received a staggering $209,000 in reward payments for the flaws disclosed in the latest update. Security researchers continue to do good work uncovering hidden vulnerabilities in the Chrome codebase, and some will use AI to aid their discoveries. They will also, however, use their experience and technical skills to provide proof of concepts for these discoveries. That such bug bounty prowess is not dead yet comes in the fact that these human hackers received a staggering $209,000 in reward payments for the flaws disclosed in the latest update. The biggest of these, $97,000, went to an anonymous researcher for a critical-rated out-of-bounds read and write vulnerability in Chrome’s ANGLE component. This was followed by a payment of $43,000 to, and yes, this is the credited hacker identity, c6eed09fc8b174b0f3eebedcceb1e792, for a use-after-free vulnerability, also critical, in the Network component.MORE FOR YOUThe critical-rated vulnerabilities follow, whikle the full list of security flaws are listed by Google here.CVE-2026-10881: Out-of-bounds read and write in ANGLE. CVE-2026-10882: Use-after-free in Network. CVE-2026-10883: Out-of-bounds write in ANGLE. CVE-2026-10884: Use-after-free in Chromecast. CVE-2026-10885: Use-after-free in Chrome for iOS. CVE-2026-10886: Use-after-free in FileSystem. CVE-2026-10887: Use-after-free in Chromoting. CVE-2026-10888: Use-after-free in Cast Streaming. CVE-2026-10889: Out-of-bounds read in ANGLE. CVE-2026-10890: Use-after-free in Cast.CVE-2026-10891: Use-after-free in GFX. CVE-2026-10892: Out-of-bounds write in the GPU. CVE-2026-10893: Use-after-free in Chromoting. CVE-2026-10894: Use-after-free in Printing. CVE-2026-10895: Use-after-free in Ozone. CVE-2026-10896: Use-after-free in Chrome for iOS. CVE-2026-10897: Out-of-bounds write in the GPU. CVE-2026-10898: Stack buffer overflow in GPU. CVE-2026-10899: Use-after-free in Ozone. CVE-2026-10900: Use-after-free in Passwords. CVE-2026-10901: Use-after-free in Passwords. CVE-2026-10902: Use-after-free in Ozone.ForbesGoogle To Introduce Android AI Voice Scam Alerts Before End Of JuneBy Davey WinderWhile the first two of these got big bug bounty payments, I was surprised to see that two critical vulnerabilities impacting Chrome on iOS were included, as this is as rare as rocking horse poop. The two critical vulnerabilities impacting the Passwords component also, rather obviously, stood out for me. However, as I have already said, the good news is that these have now been fixed. Or at, least, they will be once your copy of Chrome has been updated. When it comes to Android and iOS this is just a matter of updating the app, but for desktop users there are two options available.The first is to wait for the update to hit your copy automatically, but since, according to Google Chrome’s Srinivas Sista, it’s rolling out “over the coming days/weeks,” you might wish to accelerate the process and trigger the update manually.You can do this using the following steps:Simply use the three-dot Chrome menu to select Help|About Google Chrome, and the update download and install process will begin.Once the installation is complete, Google Chrome will prompt you to restart to activate the protection.