Overview
- The Chrome 149 release fixes 429 security flaws, the largest single-set of patches Google has shipped for the browser.
- Twenty-two of the fixes are rated critical, including CVE-2026-10881, an out-of-bounds read/write in the ANGLE graphics engine that could allow sandbox escape and code execution.
- Google reports it discovered 371 of the issues internally while external researchers reported the remainder and have received about $209,000 in bug-bounty payments so far.
- The update, released Friday, June 5, 2026, moves desktop Chrome to versions 149.0.7827.53/54 and extends fixes to Android and iOS, and Google says the staged rollout will continue over the coming days and weeks.
- Most patched bugs are memory- and input-validation problems such as use-after-free and out-of-bounds errors that commonly enable remote code execution, so users should update now using Help → About Google Chrome or their device app store.