Patch Release: Google Chrome 149.0.7827.114/.115 for Windows and macOS
Google has released Chrome version 149.0.7827.114/.115 for Windows and macOS. This release addresses 28 security vulnerabilities, including five critical flaws and multiple high-severity issues affecting components such as Core, GPU, Network, Media, Autofill, Video, DevTools, Safe Browsing, WebMIDI, and more.
Security Highlights
CVE-ID | Vulnerability | Severity |
CVE-2026-12007 | Use after free in Core | Critical |
CVE-2026-12008 | Use after free in DigitalCredentials | Critical |
CVE-2026-12009 | Insufficient validation of untrusted input in Accessibility | Critical |
CVE-2026-12010 | Heap buffer overflow in GPU | Critical |
CVE-2026-12011 | Use after free in WebMIDI | Critical |
CVE-2026-12012 | Use after free in Network | High |
CVE-2026-12013 | Use after free in Media | High |
CVE-2026-12014 | Use after free in Cast | High |
CVE-2026-12015 | Use after free in Autofill | High |
CVE-2026-12016 | Insufficient validation of untrusted input in DevTools | High |
CVE-2026-12017 | Insufficient validation of untrusted input in Extensions | High |
CVE-2026-12018 | Inappropriate implementation in Mojo | High |
CVE-2026-12019 | Out of bounds write in Codecs | High |
CVE-2026-12020 | Use after free in Autofill | High |
CVE-2026-12022 | Race condition in Safe Browsing | High |
CVE-2026-12023 | Use after free in GPU | High |
CVE-2026-12024 | Insufficient policy enforcement in DevTools | High |
CVE-2026-12025 | Insufficient validation of untrusted input in Network | High |
CVE-2026-12026 | Out of bounds read in Video | High |
CVE-2026-12027 | Insufficient policy enforcement in Headless | High |
CVE-2026-12028 | Use after free in GPU | High |
CVE-2026-12029 | Use after free in Video | High |
CVE-2026-12030 | Heap buffer overflow in GPU | High |
CVE-2026-12031 | Inappropriate implementation in Views | High |
CVE-2026-12032 | Inappropriate implementation in Passwords | High |
CVE-2026-12033 | Out of bounds read in VideoCapture | High |
CVE-2026-12034 | Insufficient validation of untrusted input in Linux Toolkit Theming | High |
CVE-2026-12035 | Use after free in Views | High |
Patch Details:
Windows 64-bit Patch Details
-
Patch ID: 360201
- Bulletin ID: TU-017
- Patch Description: Google Chrome (x64) (149.0.7827.114,149.0.7827.115)
Windows 32-bit Patch Details
-
Patch ID: 360200
- Bulletin ID: TU-017
-
Patch Description: Google Chrome (149.0.7827.114,149.0.7827.115)
- Patch ID: 615089
- Bulletin ID: MAC-012
- Patch Description: Google Chrome for Mac (149.0.7827.114,149.0.7827.115)
To install this update on your Windows machines, initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Once the sync is complete, search for the above Patch IDs or Bulletin ID and deploy them to your target systems. We recommend deploying these patches as soon as possible to ensure systems are protected against the vulnerabilities addressed in this release.
