Overview
- Google released Chrome 149 on Friday and is rolling versions 149.0.7827.53/54 for Windows and macOS and 149.0.7827.53 for Linux out to users over the coming days and weeks.
- The update remedies 429 vulnerabilities in total, including 22 rated critical, and Google reports no known in-the-wild exploits for the fixed flaws.
- Google’s own teams found 371 of the issues while external researchers reported the rest, and the company has disclosed roughly $209,000 in bug bounties with a $97,000 payout for CVE-2026-10881.
- The most dangerous bug, CVE-2026-10881, is an out-of-bounds read/write in the ANGLE graphics engine that could allow a sandbox escape and remote code execution when combined with crafted web content.
- Most fixes address use-after-free bugs and poor validation of untrusted input across ANGLE/WebGL, extension interfaces, media handling and GPU code, a pattern that points to higher-volume, AI-driven discovery and pressure on vendor triage and bounty policies.