
GOOGLE has rolled out Chrome 150 for desktop, fixing twenty seven security issues that include two use‑after‑free flaws in the Ozone and Views subsystems. The update bumps the version to 150.0.7871.114 for Windows, macOS and Linux and addresses a total of thirteen use‑free defects across the browser. Users running older builds are exposed to potential memory corruption attacks. Google announced the release on its Chrome Releases blog.
The two highlighted use‑after‑free bugs reside in the Ozone platform abstraction layer and the Views UI toolkit, components that handle graphics rendering and window management. Exploitation could allow an attacker to execute arbitrary code by convincing a victim to visit a specially crafted web page, although Google said no proof‑of‑concept exploit was published. No CVE identifiers were assigned to these flaws at the time of the release, which is common for issues discovered internally. SecurityWeek covered the technical details of the patch.
Thirteen additional use‑after‑free problems were also patched, affecting areas such as media playback, GPU processing and the Blink rendering engine. All of the vulnerabilities were rated high severity by Google’s internal scoring system, though the company did not publish CVSS scores. The patches modify memory handling routines to prevent dangling pointer dereferences after object release.
Google said that more than twenty of the fixes came from internal audits, reflecting a trend where the majority of Chrome bugs are found by its own security teams. Only three issues were reported by outside researchers, each earning a $3 000 bounty through the Chrome Vulnerability Reward Programme. Since April 2026 the project has closed over one thousand four hundred vulnerabilities across the browser stack. SecurityOnline noted the bounty figures in its write‑up.
There are no indications that the two use‑after‑free flaws have been exploited in the wild, and no threat actor groups have been linked to the issues. Nevertheless, the widespread deployment of Chrome means that any unpatched instance remains an attractive target for exploit kits or targeted intrusions. The company urges administrators to treat the update as a priority.
Defenders should verify that Chrome is running version 150.0.7871.114 or later by opening the Help menu and selecting About Google Chrome, which triggers an automatic check and install. For environments where auto‑update is disabled, administrators can push the latest MSI or DMG package via their software distribution tools. Enabling the built‑in safety check and reviewing extension permissions adds another layer of defence.
Staying current with the Chrome stable channel remains the most effective way to mitigate the risk posed by memory corruption bugs, and regular vulnerability scans can help catch any stray outdated installations before they are leveraged in an attack.