Chrome users face urgent browser patch

Google has issued an urgent Chrome security update after fixing 30 vulnerabilities, including four critical memory-related flaws that could expose users to attacks through compromised or malicious web pages.

The update moves Chrome’s stable desktop channel to version 147.0.7727.137 or 147.0.7727.138, depending on platform, and is being rolled out across Windows, macOS and Linux. Users have been advised to restart the browser after the update is installed, as Chrome does not fully apply security fixes until the relaunch is completed.

The four critical flaws are use-after-free vulnerabilities, a class of memory corruption bug that can allow attackers to manipulate freed memory and potentially execute code. The affected Chrome components include Canvas, iOS, Accessibility and Views. Google also fixed a long list of high-severity issues in GPU, ANGLE, Animation, Navigation, Skia, Media, MHTML, WebMIDI, Cast, Codecs, WebRTC, V8, Chromoting, Tint, Feedback and WebView.

The patch cycle reflects a growing security challenge for browser makers. Chrome is a primary gateway to online banking, workplace apps, cloud services, email, messaging platforms and cryptocurrency wallets. That central role makes browser bugs valuable to criminal groups, spyware vendors and state-backed operators seeking initial access to devices.

Although Google has not said that the newly patched Chrome flaws are being exploited in the wild, the critical rating indicates that successful exploitation could have a serious impact. Browser vulnerabilities of this type are often chained with sandbox escapes or operating system flaws to deepen access after a user visits a booby-trapped page.

Use-after-free bugs remain among the most common and dangerous defects in modern browsers because they affect how software manages memory during fast, complex operations. Attackers typically attempt to trigger the flaw through crafted web content, forcing the browser to behave unpredictably. In the worst cases, that behaviour can be turned into code execution.

Chrome users can check their version by opening the three-dot menu, selecting Help, then About Google Chrome. The browser should automatically search for the update and install it. A relaunch button appears once the download is complete. Enterprises using managed Chrome environments will need administrators to verify that policies do not delay deployment across fleets.

The update also matters for Chromium-based browsers. Many browsers share large parts of Chromium’s codebase, meaning vendors often need to absorb upstream fixes quickly. Users of such browsers should monitor their own update channels rather than assuming Chrome’s patch protects them automatically.

Mozilla has also pushed a Firefox security update, underscoring the wider browser risk. Firefox 150.0.1 fixed several vulnerabilities, including critical memory safety bugs affecting Firefox and Extended Support Release branches. Some of the memory bugs showed evidence of corruption, a warning sign because such flaws can sometimes be developed into arbitrary code execution attacks with enough effort.

Firefox users can update by opening the menu, selecting Help, then About Firefox. The browser will check for the latest version and prompt a restart. Organisations running Firefox ESR should ensure deployment of Firefox ESR 115.35.1 or Firefox ESR 140.10.1, depending on the branch in use.

The latest browser patches arrive at a time when attackers are increasingly targeting routine browsing rather than relying only on phishing attachments or infected downloads. A single malicious web page can serve exploit code, fingerprint a device, test for vulnerable versions and deliver a payload if conditions are favourable.

Security teams are placing greater emphasis on browser hardening, extension control and update visibility. Extensions remain a particular concern because they can widen the attack surface and gain access to sensitive browsing data. Users should remove extensions they no longer need, avoid sideloaded add-ons and install only from trusted marketplaces.

For individuals, the main protective step is straightforward: update immediately and restart the browser. Keeping operating systems current, enabling safe browsing protections, avoiding unknown download prompts and limiting stored credentials in the browser can reduce exposure further.