Skip to content
Auto-CTI
Back to all deep dives
MALWAREBYTES

Chrome needs another whopper update to fix 382 security bugs

HIGH Chrome sandbox-escape critical-severity patch-tuesday

Strategic summary

Google has released a critical Chrome update to fix 382 security vulnerabilities, 15 of which are rated critical. These flaws could allow attackers to execute arbitrary code outside the browser's sandbox. Notably, CVE-2026-13789 is a use-after-free vulnerability in the GPU process that enables sandbox escape via specially crafted HTML pages. Users should update Chrome and other Chromium-based browsers immediately.

Key findings

  • The Chrome update to version 150 addresses 382 security issues, including 15 critical-rated vulnerabilities.
  • Critical vulnerabilities potentially allow remote code execution outside the browser's sandbox.
  • CVE-2026-13789 is a high-severity use-after-free flaw in the GPU process that could lead to sandbox escape through crafted HTML content.
  • Google internally discovered 358 of the bugs using fuzzing techniques and possibly advanced AI tools.
  • Users are urged to update Chrome and other Chromium browsers promptly to mitigate risks.

Relevance for you

Monthly patch announcement for Chrome with 382 security fixes, of which 15 are rated critical and could allow arbitrary code execution outside the browser sandbox.

Risk score

17
cvss base
0.00
kev bonus
0.00
epss bonus
0.00
poc bonus
15.00
raw before weight
15.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00
consensus penalty
-3.00

Path: operational

Consensus check

The pipeline self-checks before delivery. These rules lowered the score:

  • TTP_SKIPPED TTP mapping skipped (placeholder or aggregation article) −3
Consensus penalty:
−3.0
Total penalty:
−3.0
ESC