
Google released Chrome 149 for desktop, patching 28 security flaws, five of which are rated critical.
The details are available in the official release blog.
The update addresses a mix of use-after-free and heap buffer overflow issues that could lead to remote code execution or data corruption, as reported by SecurityWeek.
CVE-2026-12007 scores 8.8 and relates to a use-after-free condition in the browser's rendering engine.
CVE-2026-12008, CVE-2026-12010 and CVE-2026-12011 each carry a score of 8.3 and involve similar use-after-free or heap buffer overflow weaknesses.
All four flaws affect Chrome versions prior to 149.0.7827.114 on Windows, macOS and Linux.
Google said that 27 of the vulnerabilities in this release were discovered through its internal analysis programs, according to SecurityOnline.
The five critical flaws could allow an attacker to execute arbitrary code if a user visits a specially crafted web page.
At present, there is no evidence that any of these issues have been exploited in the wild.
This update continues a pattern of increasing vulnerability disclosures in Chrome over recent months.
Google has already patched more than 700 security issues in the browser during 2026.
Some researchers attribute the rise to the growing complexity of AI-driven features and broader code coverage.
No threat actor groups have been linked to these vulnerabilities at this time.
None of the flaws are listed in the Known Exploited Vulnerabilities catalog.
Nevertheless, the severity of the scores warrants prompt remediation.
Administrators should prioritise updating all Chrome installations to version 149.0.7827.114 or later.
Enabling automatic updates in the browser settings helps ensure future patches are applied without delay.
After updating, review any anomalous browser behaviour and verify that security policies remain effective.
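
An added example, not code from Google or the release notes: one way to check a fleet inventory against the fixed build 149.0.7827.114. It compares the four version fields numerically, because a plain string comparison ranks 149.0.7827.99 above 149.0.7827.114. The host names and reported version strings are constructed sample data.

```python
import re

# Fixed build named in the article; earlier builds are affected.
FIXED_BUILD = (149, 0, 7827, 114)

# Chrome versions have four dot-separated numeric fields.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version as a tuple of ints, or None if absent."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text, fixed=FIXED_BUILD):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparseable reports need manual follow-up
    # Tuple comparison is field-by-field and numeric, unlike string comparison.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Group hosts by status; inventory maps host name -> reported string."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in sorted(inventory.items()):
        report[classify(reported)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and version reports).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 149.0.7827.114",
    "ws-002": "149.0.7827.99",   # older build that sorts higher as a string
    "ws-003": "Google Chrome 148.0.7800.200",
    "ws-004": "150.0.7900.10",
    "ws-005": "not installed",
    "ws-006": "",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts in the unknown group did not report a parseable version and should be checked by hand rather than assumed patched.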