Chrome Releases

Chrome for Android Update

Thursday, May 28, 2026

Hello Everyone! We've just released Chrome 149 (149.0.7827.48) for Android to a small percentage of users. It'll become available on Google Play over the next few days. You can find more details about early Stable releases here.Git logfiling a bugGoogle Chrome

Chrome Beta for Android Update

Thursday, May 28, 2026

Hi everyone! We've just released Chrome Beta 149 (149.0.7827.48) for Android. It's now available on Google Play.You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.If you find a new issue, please let us know by filing a bug.Chrome Release Team
Google Chrome

Chrome for Android Update

Wednesday, May 27, 2026

Hi, everyone! We've just released Chrome 148 (148.0.7778.215) for Android. It'll become available on Google Play over the next few days. This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.
Android releases contain the same security fixes as their corresponding Desktop releases (Windows: 148.0.7778.216/217, Mac: 148.0.7778.215/216, Linux: 148.0.7778.215) unless otherwise noted.

Harry Souders

Google Chrome

Chrome Stable for iOS Update

Wednesday, May 27, 2026

Hi everyone! We've just released Chrome Stable 149 (149.0.7827.45) for iOS; it'll become available on App Store in the next few hours.This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.Chrome Release Team
Google Chrome

Stable Channel Update for Desktop

Wednesday, May 27, 2026

The Stable channel has been updated to 148.0.7778.216/217 for Windows and 148.0.7778.215/216 Mac and 148.0.7778.215 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

This update includes 151 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$43000][505077859] Critical CVE-2026-9872: Out of bounds write in GPU. Reported by cinzinga on 2026-04-21

[$43000][507365348] Critical CVE-2026-9873: Use after free in Network. Reported by cinzinga on 2026-04-28

[$11000][500609038] Critical CVE-2026-9874: Use after free in Dawn. Reported by Anonymous on 2026-04-08

[$5000][507508103] Critical CVE-2026-9875: Out of bounds read in WebGL. Reported by Anonymous on 2026-04-29

[TBD][493747593] Critical CVE-2026-9876: Use after free in WebGL. Reported by happy2me on 2026-03-18

[N/A][496445460] Critical CVE-2026-9877: Use after free in ANGLE. Reported by Google on 2026-03-26

[N/A][499054245] Critical CVE-2026-9878: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][499129768] Critical CVE-2026-9879: Out of bounds write in ANGLE. Reported by Google on 2026-04-03

[N/A][503615025] Critical CVE-2026-9880: Insufficient validation of untrusted input in WebGL. Reported by Google on 2026-04-17

[N/A][505140741] Critical CVE-2026-9881: Use after free in Bluetooth. Reported by Google on 2026-04-22

[N/A][506375217] Critical CVE-2026-9882: Integer overflow in ANGLE. Reported by Google on 2026-04-25

[N/A][506477192] Critical CVE-2026-9883: Use after free in Base. Reported by Google on 2026-04-25

[N/A][508289938] Critical CVE-2026-9884: Use after free in Browser. Reported by Google on 2026-04-30

[N/A][508452241] Critical CVE-2026-9885: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-01

[N/A][508456788] Critical CVE-2026-9886: Use after free in Base. Reported by Google on 2026-05-01

[N/A][511249104] Critical CVE-2026-9887: Use after free in Proxy. Reported by Google on 2026-05-08

[N/A][511715166] Critical CVE-2026-9888: Use after free in WebView. Reported by Google on 2026-05-10

[N/A][511727159] Critical CVE-2026-9889: Out of bounds read and write in Dawn. Reported by Google on 2026-05-10

[N/A][513135985] Critical CVE-2026-9890: Use after free in XR. Reported by Google on 2026-05-14

[N/A][513508128] Critical CVE-2026-9891: Use after free in Extensions. Reported by Google on 2026-05-15

[N/A][513948178] Critical CVE-2026-9892: Inappropriate implementation in Skia. Reported by Google on 2026-05-16

[N/A][513972075] Critical CVE-2026-9893: Use after free in Skia. Reported by Google on 2026-05-17

[$25000][507707838] High CVE-2026-9894: Use after free in GPU. Reported by tohafrit on 2026-04-29

[$3000][491685406] High CVE-2026-9895: Out of bounds read in GPU. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-11

[$500][508811474] High CVE-2026-9896: Out of bounds write in V8. Reported by 303f06e3 on 2026-05-02

[N/A][496271580] High CVE-2026-9897: Use after free in DOM. Reported by Google on 2026-03-25

[N/A][496282591] High CVE-2026-9898: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-25

[N/A][497533569] High CVE-2026-9899: Use after free in ANGLE. Reported by Google on 2026-03-29

[N/A][497637277] High CVE-2026-9900: Out of bounds write in ANGLE. Reported by Google on 2026-03-30

[N/A][497737770] High CVE-2026-9901: Use after free in ANGLE. Reported by Google on 2026-03-30

[N/A][498205735] High CVE-2026-9902: Use after free in Accessibility. Reported by Google on 2026-03-31

[N/A][498783665] High CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation. Reported by Google on 2026-04-02

[N/A][498804020] High CVE-2026-9904: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498883610] High CVE-2026-9905: Use after free in Accessibility. Reported by Google on 2026-04-02

[N/A][499005260] High CVE-2026-9906: Out of bounds write in GPU. Reported by Google on 2026-04-02

[N/A][499091269] High CVE-2026-9907: Out of bounds read in Dawn. Reported by Google on 2026-04-03

[N/A][499091328] High CVE-2026-9908: Out of bounds read in ANGLE. Reported by Google on 2026-04-03

[N/A][499152771] High CVE-2026-9909: Integer overflow in Skia. Reported by Google on 2026-04-03

[N/A][499176133] High CVE-2026-9910: Out of bounds memory access in ANGLE. Reported by Google on 2026-04-03

[N/A][499205491] High CVE-2026-9911: Integer overflow in ANGLE. Reported by Google on 2026-04-03

[N/A][499873765] High CVE-2026-9912: Inappropriate implementation in GPU. Reported by Google on 2026-04-06

[N/A][500046096] High CVE-2026-9913: Inappropriate implementation in ANGLE. Reported by Google on 2026-04-06

[N/A][500047428] High CVE-2026-9914: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-06

[N/A][500063836] High CVE-2026-9915: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-06

[N/A][500080303] High CVE-2026-9916: Out of bounds write in ANGLE. Reported by Google on 2026-04-06

[N/A][500095304] High CVE-2026-9917: Uninitialized Use in WebGL. Reported by Google on 2026-04-06

[N/A][500099471] High CVE-2026-9918: Inappropriate implementation in Tint. Reported by Google on 2026-04-06

[N/A][500114058] High CVE-2026-9919: Out of bounds read in WebGL. Reported by Google on 2026-04-06

[N/A][500138014] High CVE-2026-9920: Uninitialized Use in GPU. Reported by Google on 2026-04-07

[N/A][500150338] High CVE-2026-9921: Uninitialized Use in WebGL. Reported by Google on 2026-04-07

[N/A][500187083] High CVE-2026-9922: Use after free in GPU. Reported by Google on 2026-04-07

[N/A][500393328] High CVE-2026-9923: Use after free in Skia. Reported by Google on 2026-04-07

[N/A][500398345] High CVE-2026-9924: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500536458] High CVE-2026-9925: Use after free in ANGLE. Reported by Google on 2026-04-08

[N/A][500540748] High CVE-2026-9926: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-08

[N/A][500540958] High CVE-2026-9927: Use after free in ANGLE. Reported by Google on 2026-04-08

[TBD][501125002] High CVE-2026-9928: Out of bounds read in ANGLE. Reported by Jeff Muizelaar - Mozilla on 2026-04-09

[N/A][501367791] High CVE-2026-9929: Inappropriate implementation in WebGL. Reported by Google on 2026-04-10

[N/A][501499832] High CVE-2026-9930: Out of bounds write in Dawn. Reported by Google on 2026-04-10

[N/A][501524262] High CVE-2026-9931: Use after free in GPU. Reported by Google on 2026-04-10

[N/A][501563323] High CVE-2026-9932: Use after free in ANGLE. Reported by Google on 2026-04-11

[N/A][501575979] High CVE-2026-9933: Use after free in Input. Reported by Google on 2026-04-11

[N/A][501576946] High CVE-2026-9934: Use after free in Aura. Reported by Google on 2026-04-11

[N/A][501584689] High CVE-2026-9935: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][502104354] High CVE-2026-9936: Use after free in GFX. Reported by Google on 2026-04-13

[N/A][502112506] High CVE-2026-9937: Use after free in UI. Reported by Google on 2026-04-13

[N/A][502300817] High CVE-2026-9938: Inappropriate implementation in V8. Reported by Google on 2026-04-13

[N/A][502735235] High CVE-2026-9939: Heap buffer overflow in WebCodecs. Reported by Google on 2026-04-15

[N/A][502738003] High CVE-2026-9940: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-15

[N/A][502812366] High CVE-2026-9941: Use after free in ANGLE. Reported by Google on 2026-04-15

[N/A][503438092] High CVE-2026-9942: Uninitialized Use in ANGLE. Reported by Google on 2026-04-16

[N/A][503464551] High CVE-2026-9943: Out of bounds read in WebGL. Reported by Google on 2026-04-16

[N/A][503471286] High CVE-2026-9944: Uninitialized Use in ANGLE. Reported by Google on 2026-04-16

[N/A][503565293] High CVE-2026-9945: Use after free in Media. Reported by Google on 2026-04-17

[N/A][503596863] High CVE-2026-9946: Use after free in ANGLE. Reported by Google on 2026-04-17

[N/A][503627446] High CVE-2026-9947: Use after free in XML. Reported by Google on 2026-04-17

[N/A][503790201] High CVE-2026-9948: Use after free in Views. Reported by Google on 2026-04-17

[N/A][503793153] High CVE-2026-9949: Use after free in Core. Reported by Google on 2026-04-17

[N/A][503862359] High CVE-2026-9950: Insufficient validation of untrusted input in iOS. Reported by Google on 2026-04-17

[N/A][503873388] High CVE-2026-9951: Use after free in UI. Reported by Google on 2026-04-17

[N/A][503929476] High CVE-2026-9952: Use after free in WebAudio. Reported by Google on 2026-04-18

[N/A][503985322] High CVE-2026-9953: Out of bounds read in ANGLE. Reported by Google on 2026-04-18

[TBD][504175497] High CVE-2026-9954: Use after free in TabStrip. Reported by yueliu of Microsoft on 2026-04-19

[N/A][504184408] High CVE-2026-9955: Inappropriate implementation in iOS. Reported by Google on 2026-04-19

[N/A][504195132] High CVE-2026-9956: Use after free in iOS. Reported by Google on 2026-04-19

[N/A][504516117] High CVE-2026-9957: Use after free in PDF. Reported by Google on 2026-04-20

[N/A][504555886] High CVE-2026-9958: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504557432] High CVE-2026-9959: Race in WebRTC. Reported by Google on 2026-04-20

[N/A][504573260] High CVE-2026-9960: Integer overflow in PDFium. Reported by Google on 2026-04-20

[N/A][504710769] High CVE-2026-9961: Use after free in SurfaceCapture. Reported by Google on 2026-04-20

[N/A][504716948] High CVE-2026-9962: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][505143241] High CVE-2026-9963: Uninitialized Use in iOS. Reported by Google on 2026-04-22

[N/A][505190999] High CVE-2026-9964: Use after free in Bluetooth. Reported by Google on 2026-04-22

[N/A][506377574] High CVE-2026-9965: Out of bounds write in ANGLE. Reported by Google on 2026-04-25

[N/A][506388321] High CVE-2026-9966: Integer overflow in XML. Reported by Google on 2026-04-25

[N/A][506414791] High CVE-2026-9967: Out of bounds write in GPU. Reported by Google on 2026-04-25

[N/A][506499280] High CVE-2026-9968: Integer overflow in V8. Reported by Google on 2026-04-25

[N/A][506550494] High CVE-2026-9969: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-26

[TBD][506653647] High CVE-2026-9970: Use after free in WebGL. Reported by TFGC on 2026-04-26

[N/A][508448586] High CVE-2026-9971: Inappropriate implementation in iOS. Reported by Google on 2026-05-01

[N/A][508463705] High CVE-2026-9972: Uninitialized Use in Gamepad. Reported by Google on 2026-05-01

[TBD][509268941] High CVE-2026-9973: Out of bounds write in V8. Reported by amyb of OpenAI on 2026-05-04

[N/A][511710468] High CVE-2026-9974: Out of bounds write in GPU. Reported by Google on 2026-05-10

[N/A][511719039] High CVE-2026-9975: Out of bounds read and write in ANGLE. Reported by Google on 2026-05-10

[N/A][511732828] High CVE-2026-9976: Inappropriate implementation in USB. Reported by Google on 2026-05-10

[N/A][511741173] High CVE-2026-9977: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-05-10

[N/A][511741396] High CVE-2026-9978: Use after free in Glic. Reported by Google on 2026-05-10

[N/A][511742228] High CVE-2026-9979: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-10

[N/A][511776372] High CVE-2026-9980: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-05-10

[N/A][512995705] High CVE-2026-9981: Inappropriate implementation in Skia. Reported by Google on 2026-05-13

[N/A][513001247] High CVE-2026-9982: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-13

[N/A][513001309] High CVE-2026-9983: Type Confusion in Skia. Reported by Google on 2026-05-14

[N/A][513002543] High CVE-2026-9984: Use after free in UI. Reported by Google on 2026-05-14

[N/A][513019760] High CVE-2026-9985: Insufficient validation of untrusted input in Media. Reported by Google on 2026-05-14

[N/A][513028160] High CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide. Reported by Google on 2026-05-14

[N/A][513046475] High CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-05-14

[N/A][513049286] High CVE-2026-9988: Use after free in WebRTC. Reported by Google on 2026-05-14

[N/A][513054053] High CVE-2026-9989: Inappropriate implementation in Media. Reported by Google on 2026-05-14

[N/A][513128608] High CVE-2026-9990: Use after free in WebAppInstalls. Reported by Google on 2026-05-14

[N/A][513173565] High CVE-2026-9991: Inappropriate implementation in Media. Reported by Google on 2026-05-14

[N/A][513177826] High CVE-2026-9992: Use after free in Network. Reported by Google on 2026-05-14

[N/A][513208588] High CVE-2026-9993: Use after free in Views. Reported by Google on 2026-05-14

[N/A][513235131] High CVE-2026-9994: Use after free in Core. Reported by Google on 2026-05-14

[N/A][513256572] High CVE-2026-9995: Use after free in WebXR. Reported by Google on 2026-05-14

[N/A][513268100] High CVE-2026-9996: Out of bounds read in WebRTC. Reported by Google on 2026-05-14

[N/A][513324041] High CVE-2026-9997: Use after free in Input. Reported by Google on 2026-05-14

[N/A][513337118] High CVE-2026-9998: Integer overflow in Skia. Reported by Google on 2026-05-14

[N/A][513364480] High CVE-2026-9999: Inappropriate implementation in ANGLE. Reported by Google on 2026-05-15

[N/A][513505608] High CVE-2026-10000: Use after free in Passwords. Reported by Google on 2026-05-15

[N/A][513505927] High CVE-2026-10001: Use after free in PerformanceManager. Reported by Google on 2026-05-15

[N/A][513536416] High CVE-2026-10002: Use after free in PDFium. Reported by Google on 2026-05-15

[N/A][513609324] High CVE-2026-10003: Use after free in Views. Reported by Google on 2026-05-15

[N/A][513730012] High CVE-2026-10004: Insufficient validation of untrusted input in Passwords. Reported by Google on 2026-05-16

[N/A][513750089] High CVE-2026-10005: Use after free in WebAppInstalls. Reported by Google on 2026-05-16

[N/A][513750691] High CVE-2026-10006: Race in WebAudio. Reported by Google on 2026-05-16

[N/A][513754619] High CVE-2026-10007: Use after free in SVG. Reported by Google on 2026-05-16

[N/A][513768979] High CVE-2026-10008: Uninitialized Use in GPU. Reported by Google on 2026-05-16

[N/A][513973560] High CVE-2026-10009: Integer overflow in Skia. Reported by Google on 2026-05-17

[N/A][513995565] High CVE-2026-10010: Inappropriate implementation in Input. Reported by Google on 2026-05-17

[N/A][514017326] High CVE-2026-10011: Inappropriate implementation in Skia. Reported by Google on 2026-05-17

[N/A][514063977] High CVE-2026-10012: Use after free in Skia. Reported by Google on 2026-05-17

[N/A][514715455] High CVE-2026-10013: Use after free in WebCodecs. Reported by Google on 2026-05-19

[N/A][514742327] High CVE-2026-10014: Use after free in WebMIDI. Reported by Google on 2026-05-19

[N/A][514746176] High CVE-2026-10015: Integer overflow in WTF. Reported by Google on 2026-05-19

[TBD][515155946] High CVE-2026-10016: Use after free in DOM. Reported by pwn2addr on 2026-05-20

[$3000][504156069] Medium CVE-2026-10017: Out of bounds read in Headless. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-19

[$2000][504175501] Medium CVE-2026-10018: Integer overflow in ANGLE. Reported by Rahul Raj on 2026-04-19

[$2000][505056913] Medium CVE-2026-10019: Integer overflow in ANGLE. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-04-21

[N/A][496565479] Medium CVE-2026-10020: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-03-26

[N/A][497327715] Medium CVE-2026-10021: Insufficient validation of untrusted input in USB. Reported by Google on 2026-03-29

[TBD][513289241] Medium CVE-2026-10022: Type Confusion in V8. Reported by ggwhyp on 2026-05-14

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Srinivas SistaGoogle Chrome

Chrome Releases

Chrome for Android Update

Chrome Beta for Android Update

Chrome for Android Update

Chrome Stable for iOS Update

Stable Channel Update for Desktop

Labels

Archive