Google has announced the release of Chrome version 150.0.7871.124/.125 for Windows and macOS, alongside version 150.0.7871.124 for Linux. This latest update in the Stable Channel focuses on rectifying 15 security vulnerabilities, which include two critical memory safety issues in the Ozone component.
Gradual Rollout of Chrome 150
While the update is now available, its deployment will be phased, potentially taking several days or weeks to reach all desktop devices. Google strongly advises both organizations and individual users to update their Chrome browsers promptly as the new version becomes accessible.
The most pressing vulnerabilities, known as CVE-2026-15764 and CVE-2026-15765, involve use-after-free issues within Ozone, Chrome’s platform integration layer. This layer is essential for managing windowing, input, graphics, and display functions across various operating systems.
Understanding Use-After-Free Vulnerabilities
Use-after-free vulnerabilities occur when software continues to access memory after it has been released. Exploiting this flaw could allow an attacker to execute arbitrary code by manipulating memory, particularly through malicious websites or web content.
Google has classified the Ozone vulnerabilities as critical. Despite withholding detailed technical information about these exploits, their severity indicates a significant risk, potentially leading to unauthorized code execution.
Addressing Multiple High-Severity Bugs
Apart from the critical vulnerabilities, Chrome 150 also addresses several high-severity bugs affecting key components. Among these are CVE-2026-15766, an uninitialized-use flaw in Skia, and CVE-2026-15767, a heap buffer overflow in the libyuv library.
Additional vulnerabilities impact V8, Chrome’s JavaScript and WebAssembly engine, including an uninitialized memory use issue (CVE-2026-15770) and a policy enforcement flaw (CVE-2026-15775). Security researcher Salvatore Gulizia reported CVE-2026-15776, a type confusion vulnerability in V8 that could lead to memory corruption.
The update also fixes use-after-free flaws in GPU, Core, Skia, and UI components, as well as addressing insufficient validation and policy enforcement issues in HTML-in-Canvas, Linux Toolkit Theming, Media, and Navigation.
Recommendations and Acknowledgments
Google recommends users update Chrome by navigating to Settings, selecting “About Chrome,” and relaunching the browser post-update. Security teams should confirm that managed systems are running Chrome version 150.0.7871.124 or later on Linux and versions 150.0.7871.124/.125 or later on Windows and macOS.
This release credits Google’s internal researchers, Microsoft’s xinchaotian, and independent researcher Salvatore Gulizia for their contributions. Some details about the reporters and reward amounts are still to be determined.
