Google Chrome Updates

[harlan4096]

Google Chrome 148.0.7778.96/97 Stable Channel Update for Desktop

This update includes 127 security fixes.

[$43000]493747582 Critical CVE-2026-7896: Integer overflow in Blink. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18
[N/A]504069514 Critical CVE-2026-7897: Use after free in Mobile. Reported by Google on 2026-04-18
[N/A]504587882 Critical CVE-2026-7898: Use after free in Chromoting. Reported by Google on 2026-04-20
[$55000]505481948 High CVE-2026-7899: Out of bounds read and write in V8. Reported by Project WhatForLunch (@pjwhatforlunch) on 2026-04-23
[$16000]496503799 High CVE-2026-7900: Heap buffer overflow in ANGLE. Reported by Anonymous on 2026-03-26
[$16000]497724490 High CVE-2026-7901: Use after free in ANGLE. Reported by Syn4pse (@ret2happy) on 2026-03-30
[$8000]502030575 High CVE-2026-7902: Out of bounds memory access in V8. Reported by JunYoung Park(@candymate) of KAIST Hacking Lab on 2026-04-13
[TBD]491760376 High CVE-2026-7903: Integer overflow in ANGLE. Reported by heesun on 2026-03-11
[TBD]492350406 High CVE-2026-7904: Out of bounds read in Fonts. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13
[N/A]495259842 High CVE-2026-7905: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-23
[N/A]496284584 High CVE-2026-7906: Use after free in SVG. Reported by Google on 2026-03-25
[N/A]496292089 High CVE-2026-7907: Use after free in DOM. Reported by Google on 2026-03-25
[N/A]497436531 High CVE-2026-7908: Use after free in Fullscreen. Reported by Google on 2026-03-29
[N/A]497437113 High CVE-2026-7909: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-29
[N/A]497543810 High CVE-2026-7910: Use after free in Views. Reported by Google on 2026-03-29
[N/A]497548912 High CVE-2026-7911: Use after free in Aura. Reported by Google on 2026-03-29
[N/A]497639714 High CVE-2026-7912: Integer overflow in GPU. Reported by Google on 2026-03-30
[N/A]497936728 High CVE-2026-7913: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-30
[N/A]498401609 High CVE-2026-7914: Type Confusion in Accessibility. Reported by Google on 2026-04-01
[N/A]498454478 High CVE-2026-7915: Insufficient data validation in DevTools. Reported by Google on 2026-04-01
[N/A]498720754 High CVE-2026-7916: Insufficient data validation in InterestGroups. Reported by Google on 2026-04-01
[N/A]498752242 High CVE-2026-7917: Use after free in Fullscreen. Reported by Google on 2026-04-02
[N/A]498780188 High CVE-2026-7918: Use after free in GPU. Reported by Google on 2026-04-02
[N/A]498832921 High CVE-2026-7919: Use after free in Aura. Reported by Google on 2026-04-02
[N/A]498989348 High CVE-2026-7920: Use after free in Skia. Reported by Google on 2026-04-02
[N/A]499062376 High CVE-2026-7921: Use after free in Passwords. Reported by Google on 2026-04-02
[N/A]499449324 High CVE-2026-7922: Use after free in ServiceWorker. Reported by Google on 2026-04-04
[N/A]500080194 High CVE-2026-7923: Out of bounds write in Skia. Reported by Google on 2026-04-06
[N/A]500087204 High CVE-2026-7924: Uninitialized Use in Dawn. Reported by Google on 2026-04-06
[N/A]501833981 High CVE-2026-7925: Use after free in Chromoting. Reported by Google on 2026-04-12
[TBD]502249087 High CVE-2026-7926: Use after free in PresentationAPI. Reported by anonymous on 2026-04-14
[N/A]502830119 High CVE-2026-7927: Type Confusion in Runtime. Reported by Google on 2026-04-15
[N/A]504612429 High CVE-2026-7928: Use after free in WebRTC. Reported by Google on 2026-04-20
[N/A]504660052 High CVE-2026-7929: Use after free in MediaRecording. Reported by Google on 2026-04-20
[TBD]434825208 Medium CVE-2026-7930: Insufficient validation of untrusted input in Cookies. Reported by Satoki on 2025-07-29
[TBD]474338157 Medium CVE-2026-7931: Insufficient validation of untrusted input in iOS. Reported by Qadhafy Muhammad Tera on 2026-01-08
[TBD]481634116 Medium CVE-2026-7932: Insufficient policy enforcement in Downloads. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-04
[TBD]488585490 Medium CVE-2026-7933: Out of bounds read in WebCodecs. Reported by heapracer (@heapracer) on 2026-03-01
[N/A]489023922 Medium CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker. Reported by Google on 2026-03-02
[TBD]489624550 Medium CVE-2026-7935: Inappropriate implementation in Speech. Reported by Qadhafy Muhammad Tera on 2026-03-04
[TBD]490485402 Medium CVE-2026-7936: Object lifecycle issue in V8. Reported by Christian Holler on 2026-03-07
[TBD]491766258 Medium CVE-2026-7937: Insufficient policy enforcement in DevTools. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab on 2026-03-11
[TBD]492735384 Medium CVE-2026-7938: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-15
[TBD]492963096 Medium CVE-2026-7939: Inappropriate implementation in SanitizerAPI. Reported by s3zer0 on 2026-03-15
[TBD]493631402 Medium CVE-2026-7940: Use after free in V8. Reported by sakana on 2026-03-17
[TBD]493955234 Medium CVE-2026-7941: Insufficient validation of untrusted input in Mobile. Reported by Adithya Kotian on 2026-03-19
[N/A]495363705 Medium CVE-2026-7942: Integer overflow in ANGLE. Reported by Google on 2026-03-23
[TBD]495373657 Medium CVE-2026-7943: Insufficient validation of untrusted input in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-23
[N/A]495783187 Medium CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache. Reported by Google on 2026-03-24
[N/A]495802788 Medium CVE-2026-7945: Insufficient validation of untrusted input in COOP. Reported by Google on 2026-03-24
[N/A]496016840 Medium CVE-2026-7946: Insufficient policy enforcement in WebUI. Reported by Google on 2026-03-25
[N/A]496169594 Medium CVE-2026-7947: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-25
[N/A]496193452 Medium CVE-2026-7948: Race in Chromoting. Reported by Google on 2026-03-25
[N/A]496206134 Medium CVE-2026-7949: Out of bounds read in Skia. Reported by Google on 2026-03-25
[N/A]496259890 Medium CVE-2026-7950: Out of bounds read and write in GFX. Reported by Google on 2026-03-25
[TBD]496266456 Medium CVE-2026-7951: Out of bounds write in WebRTC. Reported by soft.connect.fr on 2026-03-26
[N/A]496279876 Medium CVE-2026-7952: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-25
[N/A]496379792 Medium CVE-2026-7953: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-03-26
[N/A]496380960 Medium CVE-2026-7954: Race in Shared Storage. Reported by Google on 2026-03-26
[N/A]496441232 Medium CVE-2026-7955: Uninitialized Use in GPU. Reported by Google on 2026-03-26
[N/A]496463315 Medium CVE-2026-7956: Use after free in Navigation. Reported by Google on 2026-03-26
[N/A]496607380 Medium CVE-2026-7957: Out of bounds write in Media. Reported by Google on 2026-03-26
[N/A]496632973 Medium CVE-2026-7958: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-26
[N/A]496645205 Medium CVE-2026-7959: Inappropriate implementation in Navigation. Reported by Google on 2026-03-26
[N/A]497007825 Medium CVE-2026-7960: Race in Speech. Reported by Google on 2026-03-27
[N/A]497008295 Medium CVE-2026-7961: Insufficient validation of untrusted input in Permissions. Reported by Google on 2026-03-27
[N/A]497081987 Medium CVE-2026-7962: Insufficient policy enforcement in DirectSockets. Reported by Google on 2026-03-28
[N/A]497250399 Medium CVE-2026-7963: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-28
[N/A]497254383 Medium CVE-2026-7964: Insufficient validation of untrusted input in FileSystem. Reported by Google on 2026-03-28
[N/A]497255035 Medium CVE-2026-7965: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-28
[N/A]497341787 Medium CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-03-29
[N/A]497365545 Medium CVE-2026-7967: Insufficient validation of untrusted input in Navigation. Reported by Google on 2026-03-29
[N/A]497432281 Medium CVE-2026-7968: Insufficient validation of untrusted input in CORS. Reported by Google on 2026-03-29
[N/A]497450574 Medium CVE-2026-7969: Integer overflow in Network. Reported by Google on 2026-03-29
[N/A]497487462 Medium CVE-2026-7970: Use after free in TopChrome. Reported by Google on 2026-03-29
[N/A]497529290 Medium CVE-2026-7971: Inappropriate implementation in ORB. Reported by Google on 2026-03-29
[N/A]497546281 Medium CVE-2026-7972: Uninitialized Use in GPU. Reported by Google on 2026-03-29
[N/A]497565944 Medium CVE-2026-7973: Integer overflow in Dawn. Reported by Google on 2026-03-29
[N/A]497649372 Medium CVE-2026-7974: Use after free in Blink. Reported by Google on 2026-03-30
[N/A]497735587 Medium CVE-2026-7975: Use after free in DevTools. Reported by Google on 2026-03-30
[N/A]497736679 Medium CVE-2026-7976: Use after free in Views. Reported by Google on 2026-03-30
[N/A]497821223 Medium CVE-2026-7977: Inappropriate implementation in Canvas. Reported by Google on 2026-03-30
[N/A]497828892 Medium CVE-2026-7978: Inappropriate implementation in Companion. Reported by Google on 2026-03-30
[N/A]497849876 Medium CVE-2026-7979: Inappropriate implementation in Media. Reported by Google on 2026-03-30
[N/A]497859275 Medium CVE-2026-7980: Use after free in WebAudio. Reported by Google on 2026-03-30
[N/A]497926602 Medium CVE-2026-7981: Out of bounds read in Codecs. Reported by Google on 2026-03-30
[N/A]497952533 Medium CVE-2026-7982: Uninitialized Use in WebCodecs. Reported by Google on 2026-03-30
[N/A]497975608 Medium CVE-2026-7983: Out of bounds read in Dawn. Reported by Google on 2026-03-31
[N/A]498277368 Medium CVE-2026-7984: Use after free in ReadingMode. Reported by Google on 2026-03-31
[N/A]498352423 Medium CVE-2026-7985: Use after free in GPU. Reported by Google on 2026-03-31
[N/A]498396238 Medium CVE-2026-7986: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-01
[N/A]498696266 Medium CVE-2026-7987: Use after free in WebRTC. Reported by Google on 2026-04-01
[N/A]498753456 Medium CVE-2026-7988: Type Confusion in WebRTC. Reported by Google on 2026-04-02
[N/A]498765082 Medium CVE-2026-7989: Insufficient data validation in DataTransfer. Reported by Google on 2026-04-02
[N/A]498892267 Medium CVE-2026-7990: Insufficient validation of untrusted input in Updater. Reported by Google on 2026-04-02
[N/A]499065126 Medium CVE-2026-7991: Use after free in UI. Reported by Google on 2026-04-02
[N/A]499067529 Medium CVE-2026-7992: Insufficient validation of untrusted input in UI. Reported by Google on 2026-04-02
[N/A]499099003 Medium CVE-2026-7993: Insufficient validation of untrusted input in Payments. Reported by Google on 2026-04-03
[N/A]499116954 Medium CVE-2026-7994: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-03
[N/A]501745798 Medium CVE-2026-7995: Out of bounds read in AdFilter. Reported by Google on 2026-04-11
[TBD]484547631 Low CVE-2026-7996: Insufficient validation of untrusted input in SSL. Reported by heesun on 2026-02-15
[TBD]487960705 Low CVE-2026-7997: Insufficient validation of untrusted input in Updater. Reported by ochkofficial on 2026-02-26
[TBD]491676472 Low CVE-2026-7998: Insufficient validation of untrusted input in Dialog. Reported by Tianyi Hu on 2026-03-11
[TBD]493099941 Low CVE-2026-7999: Inappropriate implementation in V8. Reported by Taisic Yun (@taisic) of Theori on 2026-03-16
[TBD]494464734 Low CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver. Reported by Ryan Jupp - HAAO on 2026-03-20
[TBD]494764371 Low CVE-2026-8001: Use after free in Printing. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-21
[N/A]495779613 Low CVE-2026-8002: Use after free in Audio. Reported by Google on 2026-03-24
[N/A]495985532 Low CVE-2026-8003: Insufficient validation of untrusted input in TabGroups. Reported by Google on 2026-03-25
[N/A]496189510 Low CVE-2026-8004: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-25
[N/A]496298665 Low CVE-2026-8005: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-25
[N/A]496373088 Low CVE-2026-8006: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-26
[N/A]496399759 Low CVE-2026-8007: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-26
[N/A]496426191 Low CVE-2026-8008: Inappropriate implementation in DevTools. Reported by Google on 2026-03-26
[N/A]496555077 Low CVE-2026-8009: Inappropriate implementation in Cast. Reported by Google on 2026-03-26
[N/A]496624084 Low CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-03-26
[N/A]496626029 Low CVE-2026-8011: Insufficient policy enforcement in Search. Reported by Google on 2026-03-26
[N/A]496628298 Low CVE-2026-8012: Inappropriate implementation in MHTML. Reported by Google on 2026-03-26
[N/A]497427430 Low CVE-2026-8013: Insufficient validation of untrusted input in FedCM. Reported by Google on 2026-03-29
[N/A]497490364 Low CVE-2026-8014: Inappropriate implementation in Preload. Reported by Google on 2026-03-29
[N/A]497548558 Low CVE-2026-8015: Inappropriate implementation in Media. Reported by Google on 2026-03-29
[N/A]497695401 Low CVE-2026-8016: Use after free in WebRTC. Reported by Google on 2026-03-30
[N/A]497722578 Low CVE-2026-8017: Side-channel information leakage in Media. Reported by Google on 2026-03-30
[N/A]498292657 Low CVE-2026-8018: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-31
[N/A]498353173 Low CVE-2026-8019: Insufficient policy enforcement in WebApp. Reported by Google on 2026-03-31
[N/A]498382925 Low CVE-2026-8020: Uninitialized Use in GPU. Reported by Google on 2026-04-01
[N/A]498417031 Low CVE-2026-8021: Script injection in UI. Reported by Google on 2026-04-01
[N/A]499194407 Low CVE-2026-8022: Inappropriate implementation in MHTML. Reported by Google on 2026-04-03

Stable Channel Update for Desktop

[harlan4096]

The security updates are posted:

This update includes 79 security fixes. Below, we highlight fixes that were contributed by external researchers.

[$43000]493310462 Critical CVE-2026-8509: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17
[$25000]502636904 Critical CVE-2026-8510: Integer overflow in Skia. Reported by q@calif.io on 2026-04-14
[N/A]495108488 Critical CVE-2026-8511: Use after free in UI. Reported by Google on 2026-03-22
[N/A]495782021 Critical CVE-2026-8512: Use after free in FileSystem. Reported by Google on 2026-03-24
[N/A]495939973 Critical CVE-2026-8513: Use after free in Input. Reported by Google on 2026-03-25
[N/A]495948109 Critical CVE-2026-8514: Use after free in Aura. Reported by Google on 2026-03-25
[N/A]495999127 Critical CVE-2026-8515: Use after free in HID. Reported by Google on 2026-03-25
[N/A]496393078 Critical CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer. Reported by Google on 2026-03-26
[N/A]497531263 Critical CVE-2026-8517: Object lifecycle issue in WebShare. Reported by Google on 2026-03-29
[N/A]497830330 Critical CVE-2026-8518: Use after free in Blink. Reported by Google on 2026-03-30
[N/A]498400132 Critical CVE-2026-8519: Integer overflow in ANGLE. Reported by Google on 2026-04-01
[N/A]503619813 Critical CVE-2026-8520: Race in Payments. Reported by Google on 2026-04-17
[N/A]504106200 Critical CVE-2026-8521: Use after free in Tab Groups. Reported by Google on 2026-04-18
[N/A]504185107 Critical CVE-2026-8522: Use after free in Downloads. Reported by Google on 2026-04-19
[$25000]483956252 High CVE-2026-8523: Use after free in Mojo. Reported by Paul Seekamp / nullenc0de on 2026-02-12
[$10000]503425922 High CVE-2026-8558: Out of bounds write in Fonts. Reported by Matej Smycka on 2026-04-16
[$7000]499565267 High CVE-2026-8524: Out of bounds write in WebAudio. Reported by Brendan Dolan-Gavitt, XBOW on 2026-04-06
[$2000]497928952 High CVE-2026-8525: Heap buffer overflow in ANGLE. Reported by Nathaniel Oh (@calysteon) on 2026-03-30
[TBD]486536241 High CVE-2026-8526: Out of bounds write in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22
[TBD]486761172 High CVE-2026-8527: Insufficient validation of untrusted input in Downloads. Reported by rachmat.abdul.ro on 2026-02-23
[N/A]487795397 High CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-02-26
[N/A]490222151 High CVE-2026-8529: Heap buffer overflow in Codecs. Reported by Google on 2026-03-06
[N/A]491930142 High CVE-2026-8530: Use after free in Network. Reported by Google on 2026-03-11
[TBD]492350403 High CVE-2026-8531: Heap buffer overflow in WebML. Reported by Syn4pse on 2026-03-13
[N/A]492812194 High CVE-2026-8532: Integer overflow in XML. Reported by Google on 2026-03-14
[N/A]495247950 High CVE-2026-8533: Use after free in Accessibility. Reported by Google on 2026-03-23
[N/A]495314407 High CVE-2026-8534: Integer overflow in GPU. Reported by Google on 2026-03-23
[N/A]495530312 High CVE-2026-8535: Out of bounds read in Media. Reported by Google on 2026-03-23
[N/A]495857582 High CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode. Reported by Google on 2026-03-24
[N/A]495890000 High CVE-2026-8537: Insufficient policy enforcement in ViewTransitions. Reported by Google on 2026-03-24
[N/A]496415073 High CVE-2026-8538: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-26
[TBD]496524586 High CVE-2026-8539: Script injection in SanitizerAPI. Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po) on 2026-03-26
[TBD]496627235 High CVE-2026-8540: Type Confusion in V8. Reported by Google on 2026-03-26
[N/A]496645393 High CVE-2026-8541: Out of bounds read in UI. Reported by Google on 2026-03-26
[N/A]497066659 High CVE-2026-8542: Use after free in Core. Reported by Google on 2026-03-28
[N/A]497095799 High CVE-2026-8543: Out of bounds read in FileSystem. Reported by Google on 2026-03-28
[N/A]497151750 High CVE-2026-8544: Use after free in Media. Reported by Google on 2026-03-28
[N/A]497486030 High CVE-2026-8545: Object corruption in Compositing. Reported by Google on 2026-03-29
[N/A]497531791 High CVE-2026-8546: Out of bounds read in GPU. Reported by Google on 2026-03-29
[N/A]497632199 High CVE-2026-8547: Insufficient policy enforcement in Passwords. Reported by Google on 2026-03-30
[N/A]497821764 High CVE-2026-8548: Out of bounds write in Media. Reported by Google on 2026-03-30
[N/A]497985088 High CVE-2026-8549: Use after free in Media. Reported by Google on 2026-03-31
[N/A]498322453 High CVE-2026-8550: Use after free in Google Lens. Reported by Google on 2026-03-31
[N/A]498376171 High CVE-2026-8551: Use after free in Downloads. Reported by Google on 2026-04-01
[N/A]498706958 High CVE-2026-8552: Heap buffer overflow in GPU. Reported by Google on 2026-04-01
[N/A]498715368 High CVE-2026-8553: Use after free in GPU. Reported by Google on 2026-04-01
[N/A]499131214 High CVE-2026-8554: Type Confusion in ANGLE. Reported by Google on 2026-04-03
[N/A]500033878 High CVE-2026-8555: Use after free in GTK. Reported by Google on 2026-04-06
[N/A]500052361 High CVE-2026-8556: Inappropriate implementation in ANGLE. Reported by Google on 2026-04-06
[N/A]502978647 High CVE-2026-8557: Use after free in Accessibility. Reported by Google on 2026-04-15
[N/A]504629701 High CVE-2026-8559: Integer overflow in Internationalization. Reported by Google on 2026-04-20
[TBD]328109821 Medium CVE-2026-8560: Heap buffer overflow in SwiftShader. Reported by Cassidy Kim(@cassidy6564) on 2024-03-05
[TBD]343352552 Medium CVE-2026-8561: Incorrect security UI in Fullscreen. Reported by Wolfgang Ettlinger (aff. Certitude Consulting GmbH) Alexander Hurbean (aff. Certitude Consulting GmbH) on 2024-05-29
[N/A]40057534 Medium CVE-2026-8562: Side-channel information leakage in Navigation. Reported by Google on 2021-10-06
[TBD]40061220 Medium CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox. Reported by Luan Herrera (@lbherrera_) on 2022-10-04
[TBD]418273622 Medium CVE-2026-8564: Incorrect security UI in Downloads. Reported by Alesandro Ortiz Alesandro Ortiz on 2025-05-16
[TBD]442860473 Medium CVE-2026-8565: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-09-04
[TBD]470646792 Medium CVE-2026-8566: Insufficient policy enforcement in Payments. Reported by Jorian Woltjer on 2025-12-21
[TBD]484986863 Medium CVE-2026-8567: Integer overflow in ANGLE. Reported by cinzinga on 2026-02-16
[TBD]488728570 Medium CVE-2026-8568: Insufficient policy enforcement in AI. Reported by Tianyi Hu on 2026-03-01
[N/A]490229299 Medium CVE-2026-8569: Out of bounds write in Codecs. Reported by Google on 2026-03-06
[N/A]490353576 Medium CVE-2026-8570: Type Confusion in V8. Reported by Google on 2026-03-06
[TBD]491422244 Medium CVE-2026-8571: Insufficient policy enforcement in GPU. Reported by Mark Blaszczyk on 2026-03-10
[N/A]495405493 Medium CVE-2026-8572: Insufficient policy enforcement in Network. Reported by Google on 2026-03-23
[N/A]495417883 Medium CVE-2026-8573: Integer overflow in Codecs. Reported by Google on 2026-03-23
[N/A]495902113 Medium CVE-2026-8574: Use after free in Core. Reported by Google on 2026-03-24
[N/A]496217775 Medium CVE-2026-8575: Use after free in UI. Reported by Google on 2026-03-25
[N/A]496231853 Medium CVE-2026-8576: Inappropriate implementation in CORS. Reported by Google on 2026-03-25
[N/A]496302307 Medium CVE-2026-8577: Integer overflow in Fonts. Reported by Google on 2026-03-25
[N/A]496395450 Medium CVE-2026-8578: Out of bounds read in GPU. Reported by Google on 2026-03-26
[N/A]496526419 Medium CVE-2026-8579: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-03-26
[N/A]496639647 Medium CVE-2026-8580: Use after free in Mojo. Reported by Google on 2026-03-26
[N/A]497292072 Medium CVE-2026-8581: Use after free in GPU. Reported by Google on 2026-03-28
[N/A]497594413 Medium CVE-2026-8582: Object lifecycle issue in Dawn. Reported by Google on 2026-03-30
[N/A]497975477 Medium CVE-2026-8583: Insufficient policy enforcement in WebXR. Reported by Google on 2026-03-31
[N/A]498892595 Medium CVE-2026-8584: Inappropriate implementation in Views. Reported by Google on 2026-04-02
[N/A]499052720 Medium CVE-2026-8585: Inappropriate implementation in Media. Reported by Google on 2026-04-02
[N/A]499154022 Medium CVE-2026-8586: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-03
[TBD]507356235 Medium CVE-2026-8587: Use after free in Extensions. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2026-04-28

Stable Channel Update for Desktop

[harlan4096]

Google Chrome 148.0.7778.178/179 Stable Channel Update for Desktop

This update includes 16 security fixes. Below, we highlight fixes that were contributed by external researchers.

[N/A]504551032 Critical CVE-2026-9111: Use after free in WebRTC. Reported by Google on 2026-04-20
[N/A]503551154 Critical CVE-2026-9110: Inappropriate implementation in UI. Reported by Google on 2026-04-20
[$11000]489791425 High CVE-2026-9112: Use after free in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-05
[$3000]489585044 High CVE-2026-9113: Out of bounds read in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04
[N/A]495798630 High CVE-2026-9114: Use after free in QUIC. Reported by Google on 2026-03-24
[N/A]495999481 High CVE-2026-9115: Insufficient policy enforcement in Service Worker. Reported by Google on 2026-03-25
[N/A]497436273 High CVE-2026-9116: Insufficient policy enforcement in ServiceWorker. Reported by Google on 2026-03-29
[N/A]497542537 High CVE-2026-9117: Type Confusion in GFX. Reported by Google on 2026-04-01
[N/A]498702233 High CVE-2026-9118: Use after free in XR. Reported by Google on 2026-04-14
[N/A]502661101 High CVE-2026-9119: Heap buffer overflow in WebRTC. Reported by Google on 2026-04-17
[N/A]504620824 High CVE-2026-9120: Use after free in WebRTC. Reported by Google on 2026-04-20
[N/A]496280532 Medium CVE-2026-9126: Use after free in DOM. Reported by Google on 2026-03-25
[TBD]488064108 Medium CVE-2026-9121: Out of bounds read in GPU. Reported by David Korczynski (Adalogics) on 2026-02-26
[TBD]489579953 Medium CVE-2026-9122: Out of bounds read in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04
[N/A]495988507 Medium CVE-2026-9123: Heap buffer overflow in Chromecast. Reported by Google on 2026-03-25
[N/A]496375695 Medium CVE-2026-9124: Insufficient validation of untrusted input in Input. Reported by Google on 2026-03-29

Stable Channel Update for Desktop

[harlan4096]

Google Chrome 148.0.7778.216/217 for Windows and 148.0.7778.215/216 Mac and 148.0.7778.215 for Linux Stable Channel Update for Desktop

This update includes 151 security fixes.

[$43000]505077859 Critical CVE-2026-9872: Out of bounds write in GPU. Reported by cinzinga on 2026-04-21

[$43000]507365348 Critical CVE-2026-9873: Use after free in Network. Reported by cinzinga on 2026-04-28

[$11000]500609038 Critical CVE-2026-9874: Use after free in Dawn. Reported by Anonymous on 2026-04-08

[$5000]507508103 Critical CVE-2026-9875: Out of bounds read in WebGL. Reported by Anonymous on 2026-04-29

[TBD]493747593 Critical CVE-2026-9876: Use after free in WebGL. Reported by happy2me on 2026-03-18

[N/A]496445460 Critical CVE-2026-9877: Use after free in ANGLE. Reported by Google on 2026-03-26

[N/A]499054245 Critical CVE-2026-9878: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A]499129768 Critical CVE-2026-9879: Out of bounds write in ANGLE. Reported by Google on 2026-04-03

[N/A]503615025 Critical CVE-2026-9880: Insufficient validation of untrusted input in WebGL. Reported by Google on 2026-04-17

[N/A]505140741 Critical CVE-2026-9881: Use after free in Bluetooth. Reported by Google on 2026-04-22

[N/A]506375217 Critical CVE-2026-9882: Integer overflow in ANGLE. Reported by Google on 2026-04-25

[N/A]506477192 Critical CVE-2026-9883: Use after free in Base. Reported by Google on 2026-04-25

[N/A]508289938 Critical CVE-2026-9884: Use after free in Browser. Reported by Google on 2026-04-30

[N/A]508452241 Critical CVE-2026-9885: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-01

[N/A]508456788 Critical CVE-2026-9886: Use after free in Base. Reported by Google on 2026-05-01

[N/A]511249104 Critical CVE-2026-9887: Use after free in Proxy. Reported by Google on 2026-05-08

[N/A]511715166 Critical CVE-2026-9888: Use after free in WebView. Reported by Google on 2026-05-10

[N/A]511727159 Critical CVE-2026-9889: Out of bounds read and write in Dawn. Reported by Google on 2026-05-10

[N/A]513135985 Critical CVE-2026-9890: Use after free in XR. Reported by Google on 2026-05-14

[N/A]513508128 Critical CVE-2026-9891: Use after free in Extensions. Reported by Google on 2026-05-15

[N/A]513948178 Critical CVE-2026-9892: Inappropriate implementation in Skia. Reported by Google on 2026-05-16

[N/A]513972075 Critical CVE-2026-9893: Use after free in Skia. Reported by Google on 2026-05-17

[$25000]507707838 High CVE-2026-9894: Use after free in GPU. Reported by tohafrit on 2026-04-29

[$3000]491685406 High CVE-2026-9895: Out of bounds read in GPU. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-11

[$500]508811474 High CVE-2026-9896: Out of bounds write in V8. Reported by 303f06e3 on 2026-05-02

[N/A]496271580 High CVE-2026-9897: Use after free in DOM. Reported by Google on 2026-03-25

[N/A]496282591 High CVE-2026-9898: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-25

[N/A]497533569 High CVE-2026-9899: Use after free in ANGLE. Reported by Google on 2026-03-29

[N/A]497637277 High CVE-2026-9900: Out of bounds write in ANGLE. Reported by Google on 2026-03-30

[N/A]497737770 High CVE-2026-9901: Use after free in ANGLE. Reported by Google on 2026-03-30

[N/A]498205735 High CVE-2026-9902: Use after free in Accessibility. Reported by Google on 2026-03-31

[N/A]498783665 High CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation. Reported by Google on 2026-04-02

[N/A]498804020 High CVE-2026-9904: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A]498883610 High CVE-2026-9905: Use after free in Accessibility. Reported by Google on 2026-04-02

[N/A]499005260 High CVE-2026-9906: Out of bounds write in GPU. Reported by Google on 2026-04-02

[N/A]499091269 High CVE-2026-9907: Out of bounds read in Dawn. Reported by Google on 2026-04-03

[N/A]499091328 High CVE-2026-9908: Out of bounds read in ANGLE. Reported by Google on 2026-04-03

[N/A]499152771 High CVE-2026-9909: Integer overflow in Skia. Reported by Google on 2026-04-03

[N/A]499176133 High CVE-2026-9910: Out of bounds memory access in ANGLE. Reported by Google on 2026-04-03

[N/A]499205491 High CVE-2026-9911: Integer overflow in ANGLE. Reported by Google on 2026-04-03

[N/A]499873765 High CVE-2026-9912: Inappropriate implementation in GPU. Reported by Google on 2026-04-06

[N/A]500046096 High CVE-2026-9913: Inappropriate implementation in ANGLE. Reported by Google on 2026-04-06

[N/A]500047428 High CVE-2026-9914: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-06

[N/A]500063836 High CVE-2026-9915: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-06

[N/A]500080303 High CVE-2026-9916: Out of bounds write in ANGLE. Reported by Google on 2026-04-06

[N/A]500095304 High CVE-2026-9917: Uninitialized Use in WebGL. Reported by Google on 2026-04-06

[N/A]500099471 High CVE-2026-9918: Inappropriate implementation in Tint. Reported by Google on 2026-04-06

[N/A]500114058 High CVE-2026-9919: Out of bounds read in WebGL. Reported by Google on 2026-04-06

[N/A]500138014 High CVE-2026-9920: Uninitialized Use in GPU. Reported by Google on 2026-04-07

[N/A]500150338 High CVE-2026-9921: Uninitialized Use in WebGL. Reported by Google on 2026-04-07

[N/A]500187083 High CVE-2026-9922: Use after free in GPU. Reported by Google on 2026-04-07

[N/A]500393328 High CVE-2026-9923: Use after free in Skia. Reported by Google on 2026-04-07

[N/A]500398345 High CVE-2026-9924: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A]500536458 High CVE-2026-9925: Use after free in ANGLE. Reported by Google on 2026-04-08

[N/A]500540748 High CVE-2026-9926: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-08

[N/A]500540958 High CVE-2026-9927: Use after free in ANGLE. Reported by Google on 2026-04-08

[TBD]501125002 High CVE-2026-9928: Out of bounds read in ANGLE. Reported by Jeff Muizelaar - Mozilla on 2026-04-09

[N/A]501367791 High CVE-2026-9929: Inappropriate implementation in WebGL. Reported by Google on 2026-04-10

[N/A]501499832 High CVE-2026-9930: Out of bounds write in Dawn. Reported by Google on 2026-04-10

[N/A]501524262 High CVE-2026-9931: Use after free in GPU. Reported by Google on 2026-04-10

[N/A]501563323 High CVE-2026-9932: Use after free in ANGLE. Reported by Google on 2026-04-11

[N/A]501575979 High CVE-2026-9933: Use after free in Input. Reported by Google on 2026-04-11

[N/A]501576946 High CVE-2026-9934: Use after free in Aura. Reported by Google on 2026-04-11

[N/A]501584689 High CVE-2026-9935: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A]502104354 High CVE-2026-9936: Use after free in GFX. Reported by Google on 2026-04-13

[N/A]502112506 High CVE-2026-9937: Use after free in UI. Reported by Google on 2026-04-13

[N/A]502300817 High CVE-2026-9938: Inappropriate implementation in V8. Reported by Google on 2026-04-13

[N/A]502735235 High CVE-2026-9939: Heap buffer overflow in WebCodecs. Reported by Google on 2026-04-15

[N/A]502738003 High CVE-2026-9940: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-15

[N/A]502812366 High CVE-2026-9941: Use after free in ANGLE. Reported by Google on 2026-04-15

[N/A]503438092 High CVE-2026-9942: Uninitialized Use in ANGLE. Reported by Google on 2026-04-16

[N/A]503464551 High CVE-2026-9943: Out of bounds read in WebGL. Reported by Google on 2026-04-16

[N/A]503471286 High CVE-2026-9944: Uninitialized Use in ANGLE. Reported by Google on 2026-04-16

[N/A]503565293 High CVE-2026-9945: Use after free in Media. Reported by Google on 2026-04-17

[N/A]503596863 High CVE-2026-9946: Use after free in ANGLE. Reported by Google on 2026-04-17

[N/A]503627446 High CVE-2026-9947: Use after free in XML. Reported by Google on 2026-04-17

[N/A]503790201 High CVE-2026-9948: Use after free in Views. Reported by Google on 2026-04-17

[N/A]503793153 High CVE-2026-9949: Use after free in Core. Reported by Google on 2026-04-17

[N/A]503862359 High CVE-2026-9950: Insufficient validation of untrusted input in iOS. Reported by Google on 2026-04-17

[N/A]503873388 High CVE-2026-9951: Use after free in UI. Reported by Google on 2026-04-17

[N/A]503929476 High CVE-2026-9952: Use after free in WebAudio. Reported by Google on 2026-04-18

[N/A]503985322 High CVE-2026-9953: Out of bounds read in ANGLE. Reported by Google on 2026-04-18

[TBD]504175497 High CVE-2026-9954: Use after free in TabStrip. Reported by yueliu of Microsoft on 2026-04-19

[N/A]504184408 High CVE-2026-9955: Inappropriate implementation in iOS. Reported by Google on 2026-04-19

[N/A]504195132 High CVE-2026-9956: Use after free in iOS. Reported by Google on 2026-04-19

[N/A]504516117 High CVE-2026-9957: Use after free in PDF. Reported by Google on 2026-04-20

[N/A]504555886 High CVE-2026-9958: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A]504557432 High CVE-2026-9959: Race in WebRTC. Reported by Google on 2026-04-20

[N/A]504573260 High CVE-2026-9960: Integer overflow in PDFium. Reported by Google on 2026-04-20

[N/A]504710769 High CVE-2026-9961: Use after free in SurfaceCapture. Reported by Google on 2026-04-20

[N/A]504716948 High CVE-2026-9962: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A]505143241 High CVE-2026-9963: Uninitialized Use in iOS. Reported by Google on 2026-04-22

[N/A]505190999 High CVE-2026-9964: Use after free in Bluetooth. Reported by Google on 2026-04-22

[N/A]506377574 High CVE-2026-9965: Out of bounds write in ANGLE. Reported by Google on 2026-04-25

[N/A]506388321 High CVE-2026-9966: Integer overflow in XML. Reported by Google on 2026-04-25

[N/A]506414791 High CVE-2026-9967: Out of bounds write in GPU. Reported by Google on 2026-04-25

[N/A]506499280 High CVE-2026-9968: Integer overflow in V8. Reported by Google on 2026-04-25

[N/A]506550494 High CVE-2026-9969: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-26

[TBD]506653647 High CVE-2026-9970: Use after free in WebGL. Reported by TFGC on 2026-04-26

[N/A]508448586 High CVE-2026-9971: Inappropriate implementation in iOS. Reported by Google on 2026-05-01

[N/A]508463705 High CVE-2026-9972: Uninitialized Use in Gamepad. Reported by Google on 2026-05-01

[TBD]509268941 High CVE-2026-9973: Out of bounds write in V8. Reported by amyb of OpenAI on 2026-05-04

[N/A]511710468 High CVE-2026-9974: Out of bounds write in GPU. Reported by Google on 2026-05-10

[N/A]511719039 High CVE-2026-9975: Out of bounds read and write in ANGLE. Reported by Google on 2026-05-10

[N/A]511732828 High CVE-2026-9976: Inappropriate implementation in USB. Reported by Google on 2026-05-10

[N/A]511741173 High CVE-2026-9977: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-05-10

[N/A]511741396 High CVE-2026-9978: Use after free in Glic. Reported by Google on 2026-05-10

[N/A]511742228 High CVE-2026-9979: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-10

[N/A]511776372 High CVE-2026-9980: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-05-10

[N/A]512995705 High CVE-2026-9981: Inappropriate implementation in Skia. Reported by Google on 2026-05-13

[N/A]513001247 High CVE-2026-9982: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-13

[N/A]513001309 High CVE-2026-9983: Type Confusion in Skia. Reported by Google on 2026-05-14

[N/A]513002543 High CVE-2026-9984: Use after free in UI. Reported by Google on 2026-05-14

[N/A]513019760 High CVE-2026-9985: Insufficient validation of untrusted input in Media. Reported by Google on 2026-05-14

[N/A]513028160 High CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide. Reported by Google on 2026-05-14

[N/A]513046475 High CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-05-14

[N/A]513049286 High CVE-2026-9988: Use after free in WebRTC. Reported by Google on 2026-05-14

[N/A]513054053 High CVE-2026-9989: Inappropriate implementation in Media. Reported by Google on 2026-05-14

[N/A]513128608 High CVE-2026-9990: Use after free in WebAppInstalls. Reported by Google on 2026-05-14

[N/A]513173565 High CVE-2026-9991: Inappropriate implementation in Media. Reported by Google on 2026-05-14

[N/A]513177826 High CVE-2026-9992: Use after free in Network. Reported by Google on 2026-05-14

[N/A]513208588 High CVE-2026-9993: Use after free in Views. Reported by Google on 2026-05-14

[N/A]513235131 High CVE-2026-9994: Use after free in Core. Reported by Google on 2026-05-14

[N/A]513256572 High CVE-2026-9995: Use after free in WebXR. Reported by Google on 2026-05-14

[N/A]513268100 High CVE-2026-9996: Out of bounds read in WebRTC. Reported by Google on 2026-05-14

[N/A]513324041 High CVE-2026-9997: Use after free in Input. Reported by Google on 2026-05-14

[N/A]513337118 High CVE-2026-9998: Integer overflow in Skia. Reported by Google on 2026-05-14

[N/A]513364480 High CVE-2026-9999: Inappropriate implementation in ANGLE. Reported by Google on 2026-05-15

[N/A]513505608 High CVE-2026-10000: Use after free in Passwords. Reported by Google on 2026-05-15

[N/A]513505927 High CVE-2026-10001: Use after free in PerformanceManager. Reported by Google on 2026-05-15

[N/A]513536416 High CVE-2026-10002: Use after free in PDFium. Reported by Google on 2026-05-15

[N/A]513609324 High CVE-2026-10003: Use after free in Views. Reported by Google on 2026-05-15

[N/A]513730012 High CVE-2026-10004: Insufficient validation of untrusted input in Passwords. Reported by Google on 2026-05-16

[N/A]513750089 High CVE-2026-10005: Use after free in WebAppInstalls. Reported by Google on 2026-05-16

[N/A]513750691 High CVE-2026-10006: Race in WebAudio. Reported by Google on 2026-05-16

[N/A]513754619 High CVE-2026-10007: Use after free in SVG. Reported by Google on 2026-05-16

[N/A]513768979 High CVE-2026-10008: Uninitialized Use in GPU. Reported by Google on 2026-05-16

[N/A]513973560 High CVE-2026-10009: Integer overflow in Skia. Reported by Google on 2026-05-17

[N/A]513995565 High CVE-2026-10010: Inappropriate implementation in Input. Reported by Google on 2026-05-17

[N/A]514017326 High CVE-2026-10011: Inappropriate implementation in Skia. Reported by Google on 2026-05-17

[N/A]514063977 High CVE-2026-10012: Use after free in Skia. Reported by Google on 2026-05-17

[N/A]514715455 High CVE-2026-10013: Use after free in WebCodecs. Reported by Google on 2026-05-19

[N/A]514742327 High CVE-2026-10014: Use after free in WebMIDI. Reported by Google on 2026-05-19

[N/A]514746176 High CVE-2026-10015: Integer overflow in WTF. Reported by Google on 2026-05-19

[TBD]515155946 High CVE-2026-10016: Use after free in DOM. Reported by pwn2addr on 2026-05-20

[$3000]504156069 Medium CVE-2026-10017: Out of bounds read in Headless. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-19

[$2000]504175501 Medium CVE-2026-10018: Integer overflow in ANGLE. Reported by Rahul Raj on 2026-04-19

[$2000]505056913 Medium CVE-2026-10019: Integer overflow in ANGLE. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-04-21

[N/A]496565479 Medium CVE-2026-10020: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-03-26

[N/A]497327715 Medium CVE-2026-10021: Insufficient validation of untrusted input in USB. Reported by Google on 2026-03-29

[TBD]513289241 Medium CVE-2026-10022: Type Confusion in V8. Reported by ggwhyp on 2026-05-14

Stable Channel Update for Desktop

[harlan4096]

Google Chrome 149.0.7827.102/.103 Stable Channel Update for Desktop

This update includes 74 security fixes.

[N/A]516501794 Critical CVE-2026-11628: Use after free in Ozone. Reported by Google on 2026-05-25

[N/A]516674532 Critical CVE-2026-11629: Use after free in Ozone. Reported by Google on 2026-05-26

[N/A]516677924 Critical CVE-2026-11630: Use after free in File Input. Reported by Google on 2026-05-26

[N/A]516691130 Critical CVE-2026-11631: Use after free in Aura. Reported by Google on 2026-05-26

[N/A]516707881 Critical CVE-2026-11632: Use after free in TabStrip. Reported by Google on 2026-05-26

[N/A]516963272 Critical CVE-2026-11633: Use after free in Bluetooth. Reported by Google on 2026-05-27

[N/A]516975148 Critical CVE-2026-11634: Use after free in Gamepad. Reported by Google on 2026-05-27

[N/A]516987814 Critical CVE-2026-11635: Use after free in Bluetooth. Reported by Google on 2026-05-27

[N/A]517023053 Critical CVE-2026-11636: Use after free in Autofill. Reported by Google on 2026-05-27

[N/A]517040438 Critical CVE-2026-11637: Use after free in Views. Reported by Google on 2026-05-27

[N/A]517047197 Critical CVE-2026-11638: Use after free in Printing. Reported by Google on 2026-05-27

[N/A]517227707 Critical CVE-2026-11639: Use after free in Compositing. Reported by Google on 2026-05-27

[N/A]517339758 Critical CVE-2026-11640: Integer overflow in libyuv. Reported by Google on 2026-05-28

[N/A]517418936 Critical CVE-2026-11641: Use after free in Bluetooth. Reported by Google on 2026-05-28

[N/A]517678820 Critical CVE-2026-11642: Use after free in Web Apps. Reported by Google on 2026-05-29

[N/A]518006379 Critical CVE-2026-11643: Use after free in Proxy. Reported by Google on 2026-05-29

[N/A]518043597 Critical CVE-2026-11644: Use after free in Views. Reported by Google on 2026-05-30

[$55000]506689381 High CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3 on 2026-04-27

[$500]517168239 High CVE-2026-11646: Use after free in ViewTransitions. Reported by Quac Tran on 2026-05-27

[N/A]502156940 High CVE-2026-11647: Use after free in Printing. Reported by Google on 2026-04-13

[N/A]506684534 High CVE-2026-11648: Use after free in FullScreen. Reported by Mihnea Nicolau on 2026-04-27

[N/A]511270083 High CVE-2026-11649: Use after free in V8. Reported by Google on 2026-05-08

[N/A]511279942 High CVE-2026-11650: Use after free in V8. Reported by Google on 2026-05-08

[N/A]511736002 High CVE-2026-11651: Use after free in Network. Reported by Google on 2026-05-10

[N/A]513156160 High CVE-2026-11652: Use after free in Extensions. Reported by Google on 2026-05-14

[N/A]513321171 High CVE-2026-11653: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-14

[N/A]513362710 High CVE-2026-11654: Use after free in CameraCapture. Reported by Google on 2026-05-15

[N/A]513396305 High CVE-2026-11655: Integer overflow in Media. Reported by Google on 2026-05-15

[N/A]513424000 High CVE-2026-11656: Use after free in ServiceWorker. Reported by Google on 2026-05-15

[N/A]513465272 High CVE-2026-11657: Use after free in Payments. Reported by Google on 2026-05-15

[N/A]513564337 High CVE-2026-11658: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-15

[N/A]513702971 High CVE-2026-11659: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-16

[N/A]513731890 High CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-05-16

[N/A]513748868 High CVE-2026-11661: Use after free in Views. Reported by Google on 2026-05-16

[N/A]513773313 High CVE-2026-11662: Type Confusion in Bindings. Reported by Google on 2026-05-16

[N/A]513820666 High CVE-2026-11663: Use after free in Skia. Reported by Google on 2026-05-16

[N/A]513830374 High CVE-2026-11664: Use after free in Payments. Reported by Google on 2026-05-16

[N/A]513948465 High CVE-2026-11665: Out of bounds read in Dawn. Reported by Google on 2026-05-17

[N/A]514009323 High CVE-2026-11666: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-17

[N/A]514671098 High CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google on 2026-05-19

[N/A]515419790 High CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google on 2026-05-21

[N/A]515429352 High CVE-2026-11669: Integer overflow in Media. Reported by Google on 2026-05-21

[N/A]515469283 High CVE-2026-11670: Use after free in PDF. Reported by Google on 2026-05-21

[N/A]516608438 High CVE-2026-11671: Use after free in Navigation. Reported by Google on 2026-05-26

[N/A]516794471 High CVE-2026-11672: Out of bounds write in GPU. Reported by Google on 2026-05-26

[N/A]516902973 High CVE-2026-11673: Use after free in InterestGroups. Reported by Google on 2026-05-26

[N/A]516910450 High CVE-2026-11674: Use after free in Guest View. Reported by Google on 2026-05-27

[N/A]516915337 High CVE-2026-11675: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-05-27

[N/A]516949298 High CVE-2026-11676: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-27

[N/A]516979551 High CVE-2026-11677: Race in Network. Reported by Google on 2026-05-27

[N/A]516986556 High CVE-2026-11678: Integer overflow in libyuv. Reported by Google on 2026-05-27

[N/A]516997135 High CVE-2026-11679: Use after free in Codecs. Reported by Google on 2026-05-27

[N/A]517004487 High CVE-2026-11680: Use after free in Media. Reported by Google on 2026-05-27

[N/A]517050585 High CVE-2026-11681: Use after free in Ozone. Reported by Google on 2026-05-27

[N/A]517103584 High CVE-2026-11682: Insufficient validation of untrusted input in Views. Reported by Google on 2026-05-27

[N/A]517129549 High CVE-2026-11683: Use after free in WebCodecs. Reported by Google on 2026-05-27

[N/A]517130229 High CVE-2026-11684: Insufficient policy enforcement in Network. Reported by Google on 2026-05-27

[N/A]517183713 High CVE-2026-11685: Insufficient data validation in MediaCapture. Reported by Google on 2026-05-27

[N/A]517247333 High CVE-2026-11686: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-27

[N/A]517303276 High CVE-2026-11687: Use after free in Dawn. Reported by Google on 2026-05-28

[N/A]517309206 High CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google on 2026-05-28

[N/A]517486004 High CVE-2026-11689: Insufficient validation of untrusted input in Passwords. Reported by Google on 2026-05-28

[N/A]517533654 High CVE-2026-11690: Out of bounds read and write in Media. Reported by Google on 2026-05-28

[N/A]517585486 High CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-05-28

[N/A]517607902 High CVE-2026-11692: Use after free in Read Anything. Reported by Google on 2026-05-28

[N/A]517644287 High CVE-2026-11693: Inappropriate implementation in Plugins. Reported by Google on 2026-05-28

[N/A]517705966 High CVE-2026-11694: Use after free in ServiceWorker. Reported by Google on 2026-05-29

[N/A]517762104 High CVE-2026-11695: Inappropriate implementation in Passwords. Reported by Google on 2026-05-29

[N/A]517993381 High CVE-2026-11696: Uninitialized Use in Video. Reported by Google on 2026-05-29

[N/A]518105731 High CVE-2026-11697: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-30

[N/A]518235412 High CVE-2026-11698: Use after free in Bluetooth. Reported by Google on 2026-05-30

[N/A]518237527 High CVE-2026-11699: Use after free in Bluetooth. Reported by Google on 2026-05-30

[N/A]511732085 Medium CVE-2026-11700: Use after free in Tracing. Reported by Google on 2026-05-10

[N/A]516413817 Medium CVE-2026-11701: Insufficient validation of untrusted input in Guest View. Reported by Google on 2026-05-25

Google is aware that an exploit for CVE-2026-11645 exists in the wild.

Stable Channel Update for Desktop

[harlan4096]

Google Chrome 149.0.7827.114/.115 Stable Channel Update for Desktop

This update includes 28 security fixes.

[N/A]516731749 Critical CVE-2026-12007: Use after free Core. Reported by Google on 2026-05-26

[N/A]516942828 Critical CVE-2026-12008: Use after free DigitalCredentials. Reported by Google on 2026-05-27

[N/A]517332006 Critical CVE-2026-12009: Insufficient validation of untrusted input Accessibility. Reported by Google on 2026-05-28

[N/A]517531647 Critical CVE-2026-12010: Heap buffer overflow GPU. Reported by Google on 2026-05-28

[N/A]518108291 Critical CVE-2026-12011: Use after free WebMIDI. Reported by Google on 2026-05-30

[N/A]499182801 High CVE-2026-12012: Use after free Network. Reported by Google on 2026-04-03

[TBD]514229805 High CVE-2026-12013: Use after free Media. Reported by Henock Habte, Independent Security Researcher on 2026-05-18

[N/A]514742747 High CVE-2026-12014: Use after free Cast. Reported by Google on 2026-05-19

[N/A]515463295 High CVE-2026-12015: Use after free Autofill. Reported by Google on 2026-05-21

[N/A]516482138 High CVE-2026-12016: Insufficient validation of untrusted input DevTools. Reported by Google on 2026-05-25

[N/A]516797143 High CVE-2026-12017: Insufficient validation of untrusted input Extensions. Reported by Google on 2026-05-26

[N/A]516808201 High CVE-2026-12018: Inappropriate implementation Mojo. Reported by Google on 2026-05-26

[N/A]516872067 High CVE-2026-12019: Out of bounds write Codecs. Reported by Google on 2026-05-26

[N/A]516907083 High CVE-2026-12020: Use after free Autofill. Reported by Google on 2026-05-27

[N/A]516929496 High CVE-2026-12022: Race Safe Browsing. Reported by Google on 2026-05-27

[N/A]517018374 High CVE-2026-12023: Use after free GPU. Reported by Google on 2026-05-27

[N/A]517086161 High CVE-2026-12024: Insufficient policy enforcement DevTools. Reported by Google on 2026-05-27

[N/A]517153191 High CVE-2026-12025: Insufficient validation of untrusted input Network. Reported by Google on 2026-05-27

[N/A]517347084 High CVE-2026-12026: Out of bounds read Video. Reported by Google on 2026-05-28

[N/A]517517155 High CVE-2026-12027: Insufficient policy enforcement Headless. Reported by Google on 2026-05-28

[N/A]517555461 High CVE-2026-12028: Use after free GPU. Reported by Google on 2026-05-28

[N/A]518002958 High CVE-2026-12029: Use after free Video. Reported by Google on 2026-05-29

[N/A]518007423 High CVE-2026-12030: Heap buffer overflow GPU. Reported by Google on 2026-05-29

[N/A]518045638 High CVE-2026-12031: Inappropriate implementation Views. Reported by Google on 2026-05-30

[N/A]518128953 High CVE-2026-12032: Inappropriate implementation Passwords. Reported by Google on 2026-05-30

[N/A]519248779 High CVE-2026-12033: Out of bounds read VideoCapture. Reported by Google on 2026-06-02

[N/A]519258799 High CVE-2026-12034: Insufficient validation of untrusted input Linux Toolkit Theming. Reported by Google on 2026-06-02

[N/A]520210566 High CVE-2026-12035: Use after free Views. Reported by Google on 2026-06-05

Stable Channel Update for Desktop