Google has released a major Chrome security update fixing 382 vulnerabilities across Windows, macOS, Linux, iOS, and Android, including 15 critical and 67 high-severity flaws. The patched bugs span components such as Extensions, GPU, WebUSB, Browser, Bluetooth, Chromoting, Ozone, Dawn/WebGPU, ANGLE, Skia, Views, Fullscreen, and iOSWeb, with many involving use-after-free, type confusion, out-of-bounds access, uninitialized use, and insufficient validation of untrusted input. Google said 358 of the issues were found internally through tooling and fuzzing, while others were reported by external researchers.
Several of the vulnerabilities could be triggered through crafted web content to achieve renderer compromise, heap corruption, control-flow hijacking, and in some cases sandbox escape leading to code execution on the underlying system. Reported examples include CVE-2026-13789, a high-severity use-after-free flaw in the GPU component that could enable a remote attacker with renderer access to escape the sandbox, along with critical issues such as CVE-2026-13774, CVE-2026-13775, CVE-2026-13776, CVE-2026-13778, CVE-2026-13782, CVE-2026-13785, and CVE-2026-13788. Google said it had no evidence of in-the-wild exploitation at release, but urged rapid deployment of the update, particularly in enterprise environments and for Chromium-based browsers.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
Reporting highlighted CVE-2026-13789, a high-severity use-after-free vulnerability in Chrome's GPU component. The flaw could allow an attacker who had already compromised the renderer process to escape the sandbox via a crafted HTML page.
Google released a Chrome stable-channel security update addressing 382 vulnerabilities across multiple platforms. The update included 15 critical flaws, and reporting notes Google had not disclosed any of the newly patched issues as exploited in the wild at release time.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
5 references tracked. Mallory keeps watching after this page renders.
techrepublic.com
Open sourcemalwarebytes.com
Open sourcesecurityweek.com
Open sourcecybersecuritynews.com
Open sourcethecyberthrone.in
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.