Google Chrome: Update closes 429 security vulnerabilities

Anyone using Google Chrome to surf the web should ensure that this week's update is installed: it closes 429 security vulnerabilities, a record. Of these, 22 are classified as critical risks.

Meanwhile, Google has enriched the version announcement with the vulnerabilities closed by it – with 429 entries; this apparently took some time. The most serious vulnerability allows read and write access outside the intended memory boundaries in the Angle component (Almost Native Graphics Layer Engine). This potentially leads to an escape from the sandbox (CVE-2026-10881, CVSS 9.6, risk “critical”). The reporters of the vulnerability receive a reward of 97,000 US dollars, a remarkably high sum.

In addition to the 22 critical security vulnerabilities, the developers classify 87 as high risk, 226 as medium threat level, and 94 as low risk for users. At least Google does not mention that one or more of the security holes are already being exploited in the wild. Chrome 149.0.7827.59 for Android, 149.0.7827.53 for Linux, and 149.0.7827.53/54 for macOS and Windows contain the numerous bug fixes.

Updated Software

The update can be installed via the version dialog on your computer. To achieve this, open the browser menu and click on “Help” and then on “About <Browser Name>” or “Info” for some Chrome-based browsers. This shows the currently active software version and downloads available updates if necessary. On Linux, the distribution's software management is usually responsible for this. On mobile devices, however, users have to check the respective app store, but updates often arrive there with a significant delay – unfortunately, an accelerated update cannot be forced there.

Since other browsers are also based on Chromium, they are likely to deliver an extensive update as well – for example, Microsoft with the Edge browser. Last week, Google had already fixed a record number of vulnerabilities in Chrome, but there were “only” 151 vulnerabilities.

(dmk)