Google has released Chrome 149, a security update that resolves 28 vulnerabilities affecting the popular web browser. The update addresses multiple critical and high-severity security defects that could allow attackers to compromise user systems.
The patch bundle includes fixes for a dozen use-after-free vulnerabilities, which represent a significant portion of the security issues resolved in this release. Use-after-free bugs occur when a program continues to use memory after it has been freed, creating opportunities for attackers to manipulate memory and potentially execute malicious code on affected systems.
Use-after-free vulnerabilities are particularly dangerous in web browsers because they can be triggered through specially crafted web content. When successfully exploited, these flaws can allow attackers to bypass security controls, crash the browser, or gain unauthorized access to system resources. The prevalence of these bugs in this update highlights ongoing challenges in memory management within complex browser codebases.
Chrome users across all platforms are affected by these vulnerabilities. The security defects could be exploited by threat actors through malicious websites or compromised legitimate sites, potentially leading to data theft, system compromise, or other security incidents. Organizations relying on Chrome for business operations face particular risk if systems remain unpatched.
Users should update to Chrome 149 immediately through the browser's built-in update mechanism. Chrome typically updates automatically, but users can manually check for updates by navigating to Settings, then About Chrome. System administrators should prioritize deploying this update across enterprise environments to minimize exposure to these security risks.
Source: https://www.securityweek.com/chrome-149-update-patches-28-vulnerabilities/
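
For administrators acting on the deployment advice above, the following added example (not part of the original article) triages a fleet inventory of `--version` output against major version 149. The host names and build numbers are constructed sample data, and because the article gives no full build number, the check compares the major version only.

```python
import re

# Release named in the article; the full build number is not given there,
# so this check compares the major version only (assumption).
FIXED_MAJOR = 149

# Matches a four-part dotted version such as "148.0.9999.99" anywhere in the text.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_major(version_output):
    """Return the major version from a browser's --version output, or None."""
    match = _VERSION_RE.search(version_output)
    return int(match.group(1)) if match else None


def triage(inventory):
    """Split (host, version_output) pairs into patched / outdated / unknown."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for host, output in inventory:
        major = parse_major(output)
        if major is None:
            # No usable version string: flag for follow-up rather than assume patched.
            result["unknown"].append(host)
        elif major >= FIXED_MAJOR:
            result["patched"].append(host)
        else:
            result["outdated"].append(host)
    return result


# Constructed sample inventory (hypothetical hosts, made-up build numbers).
SAMPLE = [
    ("ws-001", "Google Chrome 149.0.1000.10"),
    ("ws-002", "Google Chrome 148.0.9999.99"),
    ("ws-003", "Google Chrome 147.0.1234.5"),
    ("ws-004", ""),
    ("ws-005", "Google Chrome 150.0.1.0 beta"),
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for status in ("outdated", "unknown", "patched"):
        print(f"{status:9s} {', '.join(report[status]) or '-'}")
```

A host in the patched list still runs the old code until Chrome is relaunched, so pair the version check with a restart policy.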


