[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJ2lugAq4ssRg1cDNQjPSTAvO68ibE-qAMntwFUGP-jQ":3},{"article":4,"iocs":37},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":24,"category":25,"article_tags":29},"33043f74-e8eb-4df6-bd68-0a6a985ad960","Chrome 150 Update Patches 27 Vulnerabilities","chrome-150-update-patches-27-vulnerabilities-ee8b09","The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google. The post Chrome 150 Update Patches 27 Vulnerabilities appeared first on SecurityWeek.","Google has released Chrome version 150, addressing 27 security vulnerabilities. Among these are two critical-severity use-after-free bugs in the Ozone and Views components, both discovered by Google. The update also includes 13 other use-after-free defects and various other types of weaknesses, with most being identified internally by Google, potentially due to AI assistance, leading to fewer external bug bounty rewards.","Chrome 150 update fixes 27 vulnerabilities, including two critical use-after-free flaws.","Google on Wednesday announced a Chrome 150 security update that resolves 27 vulnerabilities, including two critical-severity flaws. The two critical bugs are use-after-free issues in Chrome’s Ozone and Views components. Both were found by Google last month. The Chrome refresh resolves a total of 13 use-after-free defects, including 10 high-severity and one medium-severity weakness. Other types of vulnerabilities patched in this update include uninitialized use, integer overflow, out-of-bounds read and write, insufficient validation of untrusted input, inappropriate implementation, insufficient data validation, and insufficient policy enforcement. Most of these flaws were discovered by Google, a trend that has been ongoing for over two months. Per Google’s advisory, only three of the newly resolved security defects were reported by external researchers, who received a total of $3,000 in bug bounty rewards. Likely driven by the use of AI, the trend led to lower bug bounty rewards but resulted in far more security weaknesses being addressed.Advertisement. Scroll to continue reading. Since April, Google has rolled out fixes for more than 1,400 Chrome vulnerabilities, including hundreds of memory safety bugs. Chrome updates released in June and July resolved over 1,000 flaws. The latest Chrome iteration is now available for download as versions 150.0.7871.114\u002F.115 for Windows and macOS, and as version 150.0.7871.114 for Linux. Related: Google Patches 382 Chrome Vulnerabilities Related: Chrome 149 Update Resolves 18 Severe Vulnerabilities Related: Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices Related: CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire County Government Reportedly Paid $1 Million to Cyber Extortion GroupCritical Gitea Flaw Under Active Exploitation, Researchers WarnCritical Adobe ColdFusion Vulnerability Exploited in AttacksIran-Linked Hackers Using Modular C&C Framework in CyberattacksLinux Kernel Vulnerability Allows VM Escape on Intel and AMD SystemsBlogspot-Hosted Payloads Delivered in ‘Veil#Drop’ AttacksArmored Likho APT Targeting Government, Electric Power EntitiesNorth Korean Hackers Target Open Source Developers in Supply Chain Attacks Latest News 8Layers Raises $2.9 Million for Identity Security PlatformUnpatched Backdoor in Tenda Firmware Grants Admin Access to DevicesAccenture Confirms Data Breach After Hacker Claims Source Code TheftChina-Linked APT Expands Arsenal With New ‘Leash’ BackdoorsWebinar Today: Why Email Security Keeps FailingGoogle Dialogflow CX Bug Allowed Attackers to Hijack AI ConversationsCISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla FlawsCritical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveSherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Fchrome-150-update-patches-27-vulnerabilities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F04\u002FChrome-Zero-Day-exploits.jpg","2026-07-09T07:27:59+00:00","2026-07-09T08:00:12.699388+00:00",8,[18,21],{"name":19,"type":20},"Chrome","product",{"name":22,"type":23},"Google","vendor","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":24,"icon":26,"name":27,"slug":28},null,"Vulnerabilities","vulnerabilities",[30,32],{"category":31},{"id":24,"icon":26,"name":27,"slug":28},{"category":33},{"id":34,"icon":26,"name":35,"slug":36},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[]]