Chrome 149 fixes 429 security flaws, the most ever in one update

Summary created by Smart Answers AI In summary: PCWorld reports Chrome 149 fixes a record-breaking 429 security vulnerabilities, including 22 critical ‘use-after-free’ issues discovered by Google and external researchers.

This massive security update matters for billions of Chrome users who need protection from potential exploits and cyberattacks.

The update also introduces new PDF editing features like annotation and signing, while Google paid $209,000 in bounties to security researchers.

In the new Chrome versions 149.0.7827.53/54 for Windows and macOS, and 149.0.7827.53 for Linux, the developers have fixed more than 400 vulnerabilities, some of which are critical. According to Google, none of the patched vulnerabilities have been exploited in the wild yet.

What’s new in Chrome 149?

The browser’s own “What’s New” page lists new features in the PDF viewer as the only innovation. Google is clearly following the trend of turning integrated PDF viewers into small PDF editors. With Chrome 149, you can not only fill in PDF files online, but now also annotate and sign them. This has been available in Firefox for some time.

Chrome was supposed to have implemented the option to arrange tabs vertically rather than horizontally in April, and Reading Mode is set to become more immersive by filling the entire browser window rather than just half of a split view. However, neither of these new features is available yet (or at least not for everyone).

Chrome usually updates automatically when a new version is available. You can manually check for updates via the menu item Help → About Google Chrome (or Settings → About Google Chrome).

Google also released Chrome for Android 149.0.7827.59 this week, having already released Chrome for iOS 149.0.7827.45 last week. The Android version addresses the same vulnerabilities as the desktop versions. The Extended Stable Channel for Windows and macOS now includes Chromium version 148.0.7778.254.

The release of Chrome 150 is expected at the end of June.

Security flaws in Chrome 149

In the Chrome Releases blog post, Srinivas Sista lists 429 security vulnerabilities fixed just two days after the update was announced—far more than ever before. Specialised “AI” tools (such as Google Big Sleep) are likely to have played a significant role in the dramatic increase in vulnerabilities found. Google states that it discovered 371 of these vulnerabilities itself; the remainder were detected and reported by external security researchers. To date, Google has awarded these researchers a total of $209,000 in bounties.

Twenty-two of the vulnerabilities are classified as critical: CVE-2026-10881 to CVE-2026-10902. The majority of the vulnerabilities classified as critical are use-after-free (UAF) vulnerabilities in various components, such as the WebGL library Angle. A further 87 vulnerabilities are classified as high risk. Of the remaining vulnerabilities, 226 are considered medium risk and 94 low risk.

In total, use-after-free vulnerabilities account for the largest share with 110 instances, followed by “insufficient validation” of inputs with 88, and “inappropriate implementation” with 60 vulnerabilities. The WebGL library Angle accounts for the most resolved security vulnerabilities, with 37, followed by the extension interface and media handling, each with 18 vulnerabilities patched. If we add the errors in codecs, media handling accounts for 28 patched security vulnerabilities.

Tip: Whether you keep your browser up to date, you need proper antivirus protections if you want your PC to remain secure and private. Check out our picks for the best antivirus software for Windows as well as best VPN services to stay ahead of security problems.