MALWAREBYTES
Chrome needs another whopper update to fix 382 security bugs
HIGH Chrome sandbox-escape critical-severity patch-tuesday
Strategic summary
Google has released a critical Chrome update to fix 382 security vulnerabilities, 15 of which are rated critical. These flaws could allow attackers to execute arbitrary code outside the browser's sandbox. Notably, CVE-2026-13789 is a use-after-free vulnerability in the GPU process that enables sandbox escape via specially crafted HTML pages. Users should update Chrome and other Chromium-based browsers immediately.
Key findings
- The Chrome update to version 150 addresses 382 security issues, including 15 critical-rated vulnerabilities.
- Critical vulnerabilities potentially allow remote code execution outside the browser's sandbox.
- CVE-2026-13789 is a high-severity use-after-free flaw in the GPU process that could lead to sandbox escape through crafted HTML content.
- Google internally discovered 358 of the bugs using fuzzing techniques and possibly advanced AI tools.
- Users are urged to update Chrome and other Chromium browsers promptly to mitigate risks.
Relevance for you
Monthly patch announcement for Chrome with 382 security fixes, of which 15 are rated critical and could allow arbitrary code execution outside the browser sandbox.
Risk score
17
- cvss base
- 0.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 15.00
- raw before weight
- 15.00
- industry weight
- 1.21
- freshness factor
- 1.00
- exploitability factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
- consensus penalty
- -3.00
Path: operational
Consensus check
The pipeline self-checks before delivery. These rules lowered the score:
-
TTP_SKIPPEDTTP mapping skipped (placeholder or aggregation article) −3
- Consensus penalty:
- −3.0
- Total penalty:
- −3.0