Serious Discussion Google Chrome Stable Channel Updates

[Marko :)]

Someone on Reddit stated he/she managed to install uBO after facing difficulty to install in Chrome 150, but did not explain how.

You can still install it manually using developer mode in Extensions page. However, that is also bound to stop working soon when they start to strip away the MV2 code as it will render extension useless.

 

[nicolaasjan]

Someone on Reddit stated he/she managed to install uBO after facing difficulty to install in Chrome 150, but did not explain how.

If the extension page still exists, like for uBO, then you can download the extension in Firefox like this:

https://clients2.google.com/service/update2/crx?response=redirect&prodversion=148.0.7778.178&acceptformat=crx2,crx3&x=id%3Dcjpalhdlnbpafiamejdnhcphjbkeiagm%26uc

For other extensions, replace [extension ID] with the actual ID in this:

https://clients2.google.com/service/update2/crx?response=redirect&prodversion=148.0.7778.178&acceptformat=crx2,crx3&x=id%3D[EXTENSIONID]%26uc

See also my observations in this GitHub issue.

In the Chrome Web Store, the install button is greyed out:

But like @Marko :) said it will soon be over...

 

[Sampei.Nihira]

@nicolaasjan

Hi,
what steps did you follow to re-enable uBo in Chrome 150?

 

[Marko :)]

@nicolaasjan

Hi,
what steps did you follow to re-enable uBo in Chrome 150?

Open Extensions, enable developer mode and drag&drop the .crx file you downloaded using @nicolaasjan instructions.

 

[nicolaasjan]

@nicolaasjan

Hi,
what steps did you follow to re-enable uBo in Chrome 150?

After all my mv2 extensions were turned off after updating to Chromium Developer Build 150.0.7853.0, I just enabled them again and they still work today.

 

[nicolaasjan]

Here are all the changes that the Chromium team applied so far:
https://chromium-review.googlesource.com/c/chromium/src/+/7813942
(in case you want to revert them and build your own fork )

 

[HarborFront]

Open Extensions, enable developer mode and drag&drop the .crx file you downloaded using @nicolaasjan instructions.

Actually, besides the zip file, GitHub uBO site should make available the crx file for ease of installation

 

[lokamoka820]

Google Chrome 148.0.7778.216/217 for Windows and 148.0.7778.215/216 Mac and 148.0.7778.215 for Linux Stable Channel Update for Desktop

This update includes 151 security fixes.

[$43000][505077859] Critical CVE-2026-9872: Out of bounds write in GPU. Reported by cinzinga on 2026-04-21

[$43000][507365348] Critical CVE-2026-9873: Use after free in Network. Reported by cinzinga on 2026-04-28

[$11000][500609038] Critical CVE-2026-9874: Use after free in Dawn. Reported by Anonymous on 2026-04-08

[$5000][507508103] Critical CVE-2026-9875: Out of bounds read in WebGL. Reported by Anonymous on 2026-04-29

[TBD][493747593] Critical CVE-2026-9876: Use after free in WebGL. Reported by happy2me on 2026-03-18

[N/A][496445460] Critical CVE-2026-9877: Use after free in ANGLE. Reported by Google on 2026-03-26

[N/A][499054245] Critical CVE-2026-9878: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][499129768] Critical CVE-2026-9879: Out of bounds write in ANGLE. Reported by Google on 2026-04-03

[N/A][503615025] Critical CVE-2026-9880: Insufficient validation of untrusted input in WebGL. Reported by Google on 2026-04-17

[N/A][505140741] Critical CVE-2026-9881: Use after free in Bluetooth. Reported by Google on 2026-04-22

[N/A][506375217] Critical CVE-2026-9882: Integer overflow in ANGLE. Reported by Google on 2026-04-25

[N/A][506477192] Critical CVE-2026-9883: Use after free in Base. Reported by Google on 2026-04-25

[N/A][508289938] Critical CVE-2026-9884: Use after free in Browser. Reported by Google on 2026-04-30

[N/A][508452241] Critical CVE-2026-9885: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-01

[N/A][508456788] Critical CVE-2026-9886: Use after free in Base. Reported by Google on 2026-05-01

[N/A][511249104] Critical CVE-2026-9887: Use after free in Proxy. Reported by Google on 2026-05-08

[N/A][511715166] Critical CVE-2026-9888: Use after free in WebView. Reported by Google on 2026-05-10

[N/A][511727159] Critical CVE-2026-9889: Out of bounds read and write in Dawn. Reported by Google on 2026-05-10

[N/A][513135985] Critical CVE-2026-9890: Use after free in XR. Reported by Google on 2026-05-14

[N/A][513508128] Critical CVE-2026-9891: Use after free in Extensions. Reported by Google on 2026-05-15

[N/A][513948178] Critical CVE-2026-9892: Inappropriate implementation in Skia. Reported by Google on 2026-05-16

[N/A][513972075] Critical CVE-2026-9893: Use after free in Skia. Reported by Google on 2026-05-17

[$25000][507707838] High CVE-2026-9894: Use after free in GPU. Reported by tohafrit on 2026-04-29

[$3000][491685406] High CVE-2026-9895: Out of bounds read in GPU. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-11

[$500][508811474] High CVE-2026-9896: Out of bounds write in V8. Reported by 303f06e3 on 2026-05-02

[N/A][496271580] High CVE-2026-9897: Use after free in DOM. Reported by Google on 2026-03-25

[N/A][496282591] High CVE-2026-9898: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-25

[N/A][497533569] High CVE-2026-9899: Use after free in ANGLE. Reported by Google on 2026-03-29

[N/A][497637277] High CVE-2026-9900: Out of bounds write in ANGLE. Reported by Google on 2026-03-30

[N/A][497737770] High CVE-2026-9901: Use after free in ANGLE. Reported by Google on 2026-03-30

[N/A][498205735] High CVE-2026-9902: Use after free in Accessibility. Reported by Google on 2026-03-31

[N/A][498783665] High CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation. Reported by Google on 2026-04-02

[N/A][498804020] High CVE-2026-9904: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498883610] High CVE-2026-9905: Use after free in Accessibility. Reported by Google on 2026-04-02

[N/A][499005260] High CVE-2026-9906: Out of bounds write in GPU. Reported by Google on 2026-04-02

[N/A][499091269] High CVE-2026-9907: Out of bounds read in Dawn. Reported by Google on 2026-04-03

[N/A][499091328] High CVE-2026-9908: Out of bounds read in ANGLE. Reported by Google on 2026-04-03

[N/A][499152771] High CVE-2026-9909: Integer overflow in Skia. Reported by Google on 2026-04-03

[N/A][499176133] High CVE-2026-9910: Out of bounds memory access in ANGLE. Reported by Google on 2026-04-03

[N/A][499205491] High CVE-2026-9911: Integer overflow in ANGLE. Reported by Google on 2026-04-03

[N/A][499873765] High CVE-2026-9912: Inappropriate implementation in GPU. Reported by Google on 2026-04-06

[N/A][500046096] High CVE-2026-9913: Inappropriate implementation in ANGLE. Reported by Google on 2026-04-06

[N/A][500047428] High CVE-2026-9914: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-06

[N/A][500063836] High CVE-2026-9915: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-06

[N/A][500080303] High CVE-2026-9916: Out of bounds write in ANGLE. Reported by Google on 2026-04-06

[N/A][500095304] High CVE-2026-9917: Uninitialized Use in WebGL. Reported by Google on 2026-04-06

[N/A][500099471] High CVE-2026-9918: Inappropriate implementation in Tint. Reported by Google on 2026-04-06

[N/A][500114058] High CVE-2026-9919: Out of bounds read in WebGL. Reported by Google on 2026-04-06

[N/A][500138014] High CVE-2026-9920: Uninitialized Use in GPU. Reported by Google on 2026-04-07

[N/A][500150338] High CVE-2026-9921: Uninitialized Use in WebGL. Reported by Google on 2026-04-07

[N/A][500187083] High CVE-2026-9922: Use after free in GPU. Reported by Google on 2026-04-07

[N/A][500393328] High CVE-2026-9923: Use after free in Skia. Reported by Google on 2026-04-07

[N/A][500398345] High CVE-2026-9924: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500536458] High CVE-2026-9925: Use after free in ANGLE. Reported by Google on 2026-04-08

[N/A][500540748] High CVE-2026-9926: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-08

[N/A][500540958] High CVE-2026-9927: Use after free in ANGLE. Reported by Google on 2026-04-08

[TBD][501125002] High CVE-2026-9928: Out of bounds read in ANGLE. Reported by Jeff Muizelaar - Mozilla on 2026-04-09

[N/A][501367791] High CVE-2026-9929: Inappropriate implementation in WebGL. Reported by Google on 2026-04-10

[N/A][501499832] High CVE-2026-9930: Out of bounds write in Dawn. Reported by Google on 2026-04-10

[N/A][501524262] High CVE-2026-9931: Use after free in GPU. Reported by Google on 2026-04-10

[N/A][501563323] High CVE-2026-9932: Use after free in ANGLE. Reported by Google on 2026-04-11

[N/A][501575979] High CVE-2026-9933: Use after free in Input. Reported by Google on 2026-04-11

[N/A][501576946] High CVE-2026-9934: Use after free in Aura. Reported by Google on 2026-04-11

[N/A][501584689] High CVE-2026-9935: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][502104354] High CVE-2026-9936: Use after free in GFX. Reported by Google on 2026-04-13

[N/A][502112506] High CVE-2026-9937: Use after free in UI. Reported by Google on 2026-04-13

[N/A][502300817] High CVE-2026-9938: Inappropriate implementation in V8. Reported by Google on 2026-04-13

[N/A][502735235] High CVE-2026-9939: Heap buffer overflow in WebCodecs. Reported by Google on 2026-04-15

[N/A][502738003] High CVE-2026-9940: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-15

[N/A][502812366] High CVE-2026-9941: Use after free in ANGLE. Reported by Google on 2026-04-15

[N/A][503438092] High CVE-2026-9942: Uninitialized Use in ANGLE. Reported by Google on 2026-04-16

[N/A][503464551] High CVE-2026-9943: Out of bounds read in WebGL. Reported by Google on 2026-04-16

[N/A][503471286] High CVE-2026-9944: Uninitialized Use in ANGLE. Reported by Google on 2026-04-16

[N/A][503565293] High CVE-2026-9945: Use after free in Media. Reported by Google on 2026-04-17

[N/A][503596863] High CVE-2026-9946: Use after free in ANGLE. Reported by Google on 2026-04-17

[N/A][503627446] High CVE-2026-9947: Use after free in XML. Reported by Google on 2026-04-17

[N/A][503790201] High CVE-2026-9948: Use after free in Views. Reported by Google on 2026-04-17

[N/A][503793153] High CVE-2026-9949: Use after free in Core. Reported by Google on 2026-04-17

[N/A][503862359] High CVE-2026-9950: Insufficient validation of untrusted input in iOS. Reported by Google on 2026-04-17

[N/A][503873388] High CVE-2026-9951: Use after free in UI. Reported by Google on 2026-04-17

[N/A][503929476] High CVE-2026-9952: Use after free in WebAudio. Reported by Google on 2026-04-18

[N/A][503985322] High CVE-2026-9953: Out of bounds read in ANGLE. Reported by Google on 2026-04-18

[TBD][504175497] High CVE-2026-9954: Use after free in TabStrip. Reported by yueliu of Microsoft on 2026-04-19

[N/A][504184408] High CVE-2026-9955: Inappropriate implementation in iOS. Reported by Google on 2026-04-19

[N/A][504195132] High CVE-2026-9956: Use after free in iOS. Reported by Google on 2026-04-19

[N/A][504516117] High CVE-2026-9957: Use after free in PDF. Reported by Google on 2026-04-20

[N/A][504555886] High CVE-2026-9958: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504557432] High CVE-2026-9959: Race in WebRTC. Reported by Google on 2026-04-20

[N/A][504573260] High CVE-2026-9960: Integer overflow in PDFium. Reported by Google on 2026-04-20

[N/A][504710769] High CVE-2026-9961: Use after free in SurfaceCapture. Reported by Google on 2026-04-20

[N/A][504716948] High CVE-2026-9962: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][505143241] High CVE-2026-9963: Uninitialized Use in iOS. Reported by Google on 2026-04-22

[N/A][505190999] High CVE-2026-9964: Use after free in Bluetooth. Reported by Google on 2026-04-22

[N/A][506377574] High CVE-2026-9965: Out of bounds write in ANGLE. Reported by Google on 2026-04-25

[N/A][506388321] High CVE-2026-9966: Integer overflow in XML. Reported by Google on 2026-04-25

[N/A][506414791] High CVE-2026-9967: Out of bounds write in GPU. Reported by Google on 2026-04-25

[N/A][506499280] High CVE-2026-9968: Integer overflow in V8. Reported by Google on 2026-04-25

[N/A][506550494] High CVE-2026-9969: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-26

[TBD][506653647] High CVE-2026-9970: Use after free in WebGL. Reported by TFGC on 2026-04-26

[N/A][508448586] High CVE-2026-9971: Inappropriate implementation in iOS. Reported by Google on 2026-05-01

[N/A][508463705] High CVE-2026-9972: Uninitialized Use in Gamepad. Reported by Google on 2026-05-01

[TBD][509268941] High CVE-2026-9973: Out of bounds write in V8. Reported by amyb of OpenAI on 2026-05-04

[N/A][511710468] High CVE-2026-9974: Out of bounds write in GPU. Reported by Google on 2026-05-10

[N/A][511719039] High CVE-2026-9975: Out of bounds read and write in ANGLE. Reported by Google on 2026-05-10

[N/A][511732828] High CVE-2026-9976: Inappropriate implementation in USB. Reported by Google on 2026-05-10

[N/A][511741173] High CVE-2026-9977: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-05-10

[N/A][511741396] High CVE-2026-9978: Use after free in Glic. Reported by Google on 2026-05-10

[N/A][511742228] High CVE-2026-9979: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-10

[N/A][511776372] High CVE-2026-9980: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-05-10

[N/A][512995705] High CVE-2026-9981: Inappropriate implementation in Skia. Reported by Google on 2026-05-13

[N/A][513001247] High CVE-2026-9982: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-13

[N/A][513001309] High CVE-2026-9983: Type Confusion in Skia. Reported by Google on 2026-05-14

[N/A][513002543] High CVE-2026-9984: Use after free in UI. Reported by Google on 2026-05-14

[N/A][513019760] High CVE-2026-9985: Insufficient validation of untrusted input in Media. Reported by Google on 2026-05-14

[N/A][513028160] High CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide. Reported by Google on 2026-05-14

[N/A][513046475] High CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-05-14

[N/A][513049286] High CVE-2026-9988: Use after free in WebRTC. Reported by Google on 2026-05-14

[N/A][513054053] High CVE-2026-9989: Inappropriate implementation in Media. Reported by Google on 2026-05-14

[N/A][513128608] High CVE-2026-9990: Use after free in WebAppInstalls. Reported by Google on 2026-05-14

[N/A][513173565] High CVE-2026-9991: Inappropriate implementation in Media. Reported by Google on 2026-05-14

[N/A][513177826] High CVE-2026-9992: Use after free in Network. Reported by Google on 2026-05-14

[N/A][513208588] High CVE-2026-9993: Use after free in Views. Reported by Google on 2026-05-14

[N/A][513235131] High CVE-2026-9994: Use after free in Core. Reported by Google on 2026-05-14

[N/A][513256572] High CVE-2026-9995: Use after free in WebXR. Reported by Google on 2026-05-14

[N/A][513268100] High CVE-2026-9996: Out of bounds read in WebRTC. Reported by Google on 2026-05-14

[N/A][513324041] High CVE-2026-9997: Use after free in Input. Reported by Google on 2026-05-14

[N/A][513337118] High CVE-2026-9998: Integer overflow in Skia. Reported by Google on 2026-05-14

[N/A][513364480] High CVE-2026-9999: Inappropriate implementation in ANGLE. Reported by Google on 2026-05-15

[N/A][513505608] High CVE-2026-10000: Use after free in Passwords. Reported by Google on 2026-05-15

[N/A][513505927] High CVE-2026-10001: Use after free in PerformanceManager. Reported by Google on 2026-05-15

[N/A][513536416] High CVE-2026-10002: Use after free in PDFium. Reported by Google on 2026-05-15

[N/A][513609324] High CVE-2026-10003: Use after free in Views. Reported by Google on 2026-05-15

[N/A][513730012] High CVE-2026-10004: Insufficient validation of untrusted input in Passwords. Reported by Google on 2026-05-16

[N/A][513750089] High CVE-2026-10005: Use after free in WebAppInstalls. Reported by Google on 2026-05-16

[N/A][513750691] High CVE-2026-10006: Race in WebAudio. Reported by Google on 2026-05-16

[N/A][513754619] High CVE-2026-10007: Use after free in SVG. Reported by Google on 2026-05-16

[N/A][513768979] High CVE-2026-10008: Uninitialized Use in GPU. Reported by Google on 2026-05-16

[N/A][513973560] High CVE-2026-10009: Integer overflow in Skia. Reported by Google on 2026-05-17

[N/A][513995565] High CVE-2026-10010: Inappropriate implementation in Input. Reported by Google on 2026-05-17

[N/A][514017326] High CVE-2026-10011: Inappropriate implementation in Skia. Reported by Google on 2026-05-17

[N/A][514063977] High CVE-2026-10012: Use after free in Skia. Reported by Google on 2026-05-17

[N/A][514715455] High CVE-2026-10013: Use after free in WebCodecs. Reported by Google on 2026-05-19

[N/A][514742327] High CVE-2026-10014: Use after free in WebMIDI. Reported by Google on 2026-05-19

[N/A][514746176] High CVE-2026-10015: Integer overflow in WTF. Reported by Google on 2026-05-19

[TBD][515155946] High CVE-2026-10016: Use after free in DOM. Reported by pwn2addr on 2026-05-20

[$3000][504156069] Medium CVE-2026-10017: Out of bounds read in Headless. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-19

[$2000][504175501] Medium CVE-2026-10018: Integer overflow in ANGLE. Reported by Rahul Raj on 2026-04-19

[$2000][505056913] Medium CVE-2026-10019: Integer overflow in ANGLE. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-04-21

[N/A][496565479] Medium CVE-2026-10020: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-03-26

[N/A][497327715] Medium CVE-2026-10021: Insufficient validation of untrusted input in USB. Reported by Google on 2026-03-29

[TBD][513289241] Medium CVE-2026-10022: Type Confusion in V8. Reported by ggwhyp on 2026-05-14

Stable Channel Update for Desktop

The Stable channel has been updated to 148.0.7778.216/217 for Windows and 148.0.7778.215/216 Mac and 148.0.7778.215 for Linux, which will...

chromereleases.googleblog.com

 

[lokamoka820]

Google Chrome 149.0.7827.53/54 Stable Channel Update for Desktop

Security update coming shortly

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 149 to the stable channel for Windows, Mac and Linux. This will roll out ov...

chromereleases.googleblog.com

 

[lokamoka820]

Google Chrome 149.0.7827.102/.103 Stable Channel Update for Desktop

This update includes 74 security fixes.

[N/A][516501794] Critical CVE-2026-11628: Use after free in Ozone. Reported by Google on 2026-05-25

[N/A][516674532] Critical CVE-2026-11629: Use after free in Ozone. Reported by Google on 2026-05-26

[N/A][516677924] Critical CVE-2026-11630: Use after free in File Input. Reported by Google on 2026-05-26

[N/A][516691130] Critical CVE-2026-11631: Use after free in Aura. Reported by Google on 2026-05-26

[N/A][516707881] Critical CVE-2026-11632: Use after free in TabStrip. Reported by Google on 2026-05-26

[N/A][516963272] Critical CVE-2026-11633: Use after free in Bluetooth. Reported by Google on 2026-05-27

[N/A][516975148] Critical CVE-2026-11634: Use after free in Gamepad. Reported by Google on 2026-05-27

[N/A][516987814] Critical CVE-2026-11635: Use after free in Bluetooth. Reported by Google on 2026-05-27

[N/A][517023053] Critical CVE-2026-11636: Use after free in Autofill. Reported by Google on 2026-05-27

[N/A][517040438] Critical CVE-2026-11637: Use after free in Views. Reported by Google on 2026-05-27

[N/A][517047197] Critical CVE-2026-11638: Use after free in Printing. Reported by Google on 2026-05-27

[N/A][517227707] Critical CVE-2026-11639: Use after free in Compositing. Reported by Google on 2026-05-27

[N/A][517339758] Critical CVE-2026-11640: Integer overflow in libyuv. Reported by Google on 2026-05-28

[N/A][517418936] Critical CVE-2026-11641: Use after free in Bluetooth. Reported by Google on 2026-05-28

[N/A][517678820] Critical CVE-2026-11642: Use after free in Web Apps. Reported by Google on 2026-05-29

[N/A][518006379] Critical CVE-2026-11643: Use after free in Proxy. Reported by Google on 2026-05-29

[N/A][518043597] Critical CVE-2026-11644: Use after free in Views. Reported by Google on 2026-05-30

[$55000][506689381] High CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3 on 2026-04-27

[$500][517168239] High CVE-2026-11646: Use after free in ViewTransitions. Reported by Quac Tran on 2026-05-27

[N/A][502156940] High CVE-2026-11647: Use after free in Printing. Reported by Google on 2026-04-13

[N/A][506684534] High CVE-2026-11648: Use after free in FullScreen. Reported by Mihnea Nicolau on 2026-04-27

[N/A][511270083] High CVE-2026-11649: Use after free in V8. Reported by Google on 2026-05-08

[N/A][511279942] High CVE-2026-11650: Use after free in V8. Reported by Google on 2026-05-08

[N/A][511736002] High CVE-2026-11651: Use after free in Network. Reported by Google on 2026-05-10

[N/A][513156160] High CVE-2026-11652: Use after free in Extensions. Reported by Google on 2026-05-14

[N/A][513321171] High CVE-2026-11653: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-14

[N/A][513362710] High CVE-2026-11654: Use after free in CameraCapture. Reported by Google on 2026-05-15

[N/A][513396305] High CVE-2026-11655: Integer overflow in Media. Reported by Google on 2026-05-15

[N/A][513424000] High CVE-2026-11656: Use after free in ServiceWorker. Reported by Google on 2026-05-15

[N/A][513465272] High CVE-2026-11657: Use after free in Payments. Reported by Google on 2026-05-15

[N/A][513564337] High CVE-2026-11658: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-15

[N/A][513702971] High CVE-2026-11659: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-16

[N/A][513731890] High CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-05-16

[N/A][513748868] High CVE-2026-11661: Use after free in Views. Reported by Google on 2026-05-16

[N/A][513773313] High CVE-2026-11662: Type Confusion in Bindings. Reported by Google on 2026-05-16

[N/A][513820666] High CVE-2026-11663: Use after free in Skia. Reported by Google on 2026-05-16

[N/A][513830374] High CVE-2026-11664: Use after free in Payments. Reported by Google on 2026-05-16

[N/A][513948465] High CVE-2026-11665: Out of bounds read in Dawn. Reported by Google on 2026-05-17

[N/A][514009323] High CVE-2026-11666: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-17

[N/A][514671098] High CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google on 2026-05-19

[N/A][515419790] High CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google on 2026-05-21

[N/A][515429352] High CVE-2026-11669: Integer overflow in Media. Reported by Google on 2026-05-21

[N/A][515469283] High CVE-2026-11670: Use after free in PDF. Reported by Google on 2026-05-21

[N/A][516608438] High CVE-2026-11671: Use after free in Navigation. Reported by Google on 2026-05-26

[N/A][516794471] High CVE-2026-11672: Out of bounds write in GPU. Reported by Google on 2026-05-26

[N/A][516902973] High CVE-2026-11673: Use after free in InterestGroups. Reported by Google on 2026-05-26

[N/A][516910450] High CVE-2026-11674: Use after free in Guest View. Reported by Google on 2026-05-27

[N/A][516915337] High CVE-2026-11675: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-05-27

[N/A][516949298] High CVE-2026-11676: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-27

[N/A][516979551] High CVE-2026-11677: Race in Network. Reported by Google on 2026-05-27

[N/A][516986556] High CVE-2026-11678: Integer overflow in libyuv. Reported by Google on 2026-05-27

[N/A][516997135] High CVE-2026-11679: Use after free in Codecs. Reported by Google on 2026-05-27

[N/A][517004487] High CVE-2026-11680: Use after free in Media. Reported by Google on 2026-05-27

[N/A][517050585] High CVE-2026-11681: Use after free in Ozone. Reported by Google on 2026-05-27

[N/A][517103584] High CVE-2026-11682: Insufficient validation of untrusted input in Views. Reported by Google on 2026-05-27

[N/A][517129549] High CVE-2026-11683: Use after free in WebCodecs. Reported by Google on 2026-05-27

[N/A][517130229] High CVE-2026-11684: Insufficient policy enforcement in Network. Reported by Google on 2026-05-27

[N/A][517183713] High CVE-2026-11685: Insufficient data validation in MediaCapture. Reported by Google on 2026-05-27

[N/A][517247333] High CVE-2026-11686: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-27

[N/A][517303276] High CVE-2026-11687: Use after free in Dawn. Reported by Google on 2026-05-28

[N/A][517309206] High CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google on 2026-05-28

[N/A][517486004] High CVE-2026-11689: Insufficient validation of untrusted input in Passwords. Reported by Google on 2026-05-28

[N/A][517533654] High CVE-2026-11690: Out of bounds read and write in Media. Reported by Google on 2026-05-28

[N/A][517585486] High CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-05-28

[N/A][517607902] High CVE-2026-11692: Use after free in Read Anything. Reported by Google on 2026-05-28

[N/A][517644287] High CVE-2026-11693: Inappropriate implementation in Plugins. Reported by Google on 2026-05-28

[N/A][517705966] High CVE-2026-11694: Use after free in ServiceWorker. Reported by Google on 2026-05-29

[N/A][517762104] High CVE-2026-11695: Inappropriate implementation in Passwords. Reported by Google on 2026-05-29

[N/A][517993381] High CVE-2026-11696: Uninitialized Use in Video. Reported by Google on 2026-05-29

[N/A][518105731] High CVE-2026-11697: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-30

[N/A][518235412] High CVE-2026-11698: Use after free in Bluetooth. Reported by Google on 2026-05-30

[N/A][518237527] High CVE-2026-11699: Use after free in Bluetooth. Reported by Google on 2026-05-30

[N/A][511732085] Medium CVE-2026-11700: Use after free in Tracing. Reported by Google on 2026-05-10

[N/A][516413817] Medium CVE-2026-11701: Insufficient validation of untrusted input in Guest View. Reported by Google on 2026-05-25

Google is aware that an exploit for CVE-2026-11645 exists in the wild.

Stable Channel Update for Desktop

The Stable channel has been updated to 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux, which will roll out over the ...

chromereleases.googleblog.com

 

[Sampei.Nihira]

A Double Victory for Web Speed: Chrome Breaks Records Again on Speedometer 3.1 and Jetstream 3:

A Double Victory for Web Speed: Chrome Breaks Records Again on Speedometer 3.1 and Jetstream 3

 

[lokamoka820]

Google Chrome 149.0.7827.114/.115 Stable Channel Update for Desktop

This update includes 28 security fixes.

[N/A][516731749] Critical CVE-2026-12007: Use after free Core. Reported by Google on 2026-05-26

[N/A][516942828] Critical CVE-2026-12008: Use after free DigitalCredentials. Reported by Google on 2026-05-27

[N/A][517332006] Critical CVE-2026-12009: Insufficient validation of untrusted input Accessibility. Reported by Google on 2026-05-28

[N/A][517531647] Critical CVE-2026-12010: Heap buffer overflow GPU. Reported by Google on 2026-05-28

[N/A][518108291] Critical CVE-2026-12011: Use after free WebMIDI. Reported by Google on 2026-05-30

[N/A][499182801] High CVE-2026-12012: Use after free Network. Reported by Google on 2026-04-03

[TBD][514229805] High CVE-2026-12013: Use after free Media. Reported by Henock Habte, Independent Security Researcher on 2026-05-18

[N/A][514742747] High CVE-2026-12014: Use after free Cast. Reported by Google on 2026-05-19

[N/A][515463295] High CVE-2026-12015: Use after free Autofill. Reported by Google on 2026-05-21

[N/A][516482138] High CVE-2026-12016: Insufficient validation of untrusted input DevTools. Reported by Google on 2026-05-25

[N/A][516797143] High CVE-2026-12017: Insufficient validation of untrusted input Extensions. Reported by Google on 2026-05-26

[N/A][516808201] High CVE-2026-12018: Inappropriate implementation Mojo. Reported by Google on 2026-05-26

[N/A][516872067] High CVE-2026-12019: Out of bounds write Codecs. Reported by Google on 2026-05-26

[N/A][516907083] High CVE-2026-12020: Use after free Autofill. Reported by Google on 2026-05-27

[N/A][516929496] High CVE-2026-12022: Race Safe Browsing. Reported by Google on 2026-05-27

[N/A][517018374] High CVE-2026-12023: Use after free GPU. Reported by Google on 2026-05-27

[N/A][517086161] High CVE-2026-12024: Insufficient policy enforcement DevTools. Reported by Google on 2026-05-27

[N/A][517153191] High CVE-2026-12025: Insufficient validation of untrusted input Network. Reported by Google on 2026-05-27

[N/A][517347084] High CVE-2026-12026: Out of bounds read Video. Reported by Google on 2026-05-28

[N/A][517517155] High CVE-2026-12027: Insufficient policy enforcement Headless. Reported by Google on 2026-05-28

[N/A][517555461] High CVE-2026-12028: Use after free GPU. Reported by Google on 2026-05-28

[N/A][518002958] High CVE-2026-12029: Use after free Video. Reported by Google on 2026-05-29

[N/A][518007423] High CVE-2026-12030: Heap buffer overflow GPU. Reported by Google on 2026-05-29

[N/A][518045638] High CVE-2026-12031: Inappropriate implementation Views. Reported by Google on 2026-05-30

[N/A][518128953] High CVE-2026-12032: Inappropriate implementation Passwords. Reported by Google on 2026-05-30

[N/A][519248779] High CVE-2026-12033: Out of bounds read VideoCapture. Reported by Google on 2026-06-02

[N/A][519258799] High CVE-2026-12034: Insufficient validation of untrusted input Linux Toolkit Theming. Reported by Google on 2026-06-02

[N/A][520210566] High CVE-2026-12035: Use after free Views. Reported by Google on 2026-06-05

Stable Channel Update for Desktop

The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...

chromereleases.googleblog.com