Index  ›  defence  ›  Forbes
defence · Forbes ↗

Google Confirms 2nd Critical Chrome Security Update Within 48 Hours

Forbes Published Jul 18, 2026 Reviewed Jul 18, 2026 ✓ Reviewed by citations.press editors
Google patched seven vulnerabilities in the Chrome 150.0.7871.128/.129 update, including three rated critical by the Common Vulnerability Scoring System.
7 vulnerabilities · Chrome 150.0.7871.128/.129 update3 critical vulnerabilities · Chrome 150.0.7871.128/.129 update
The July 14 Chrome security update patched six use-after-free vulnerabilities, two of which were rated critical.
6 use-after-free vulnerabilities · July 14 Chrome security update2 critical vulnerabilities · July 14 Chrome security update
The July 16 Chrome update patched three critical use-after-free vulnerabilities, all reportedly uncovered by Google itself rather than external researchers.
3 critical use-after-free vulnerabilities · July 16 Chrome update

Within the space of just 48 hours, Google has now issued two critical security updates for the world’s most popular browser. Not that so-called emergency updates are unusual in and of themselves, but these would usually only involve a single new vulnerability, and that would be one of the zero-day variety that is already known to be exploited by attackers in the wild. In the case of the highly unusual Chrome 150.0.7871.128/.129 update for Windows, Mac and Linux users, Google has not warned of ongoing attacks; there are seven vulnerabilities patched in total, three of them with a Common Vulnerability Scoring System severity rating of critical.

While the speed of this second Chrome security update is as surprising as it is unusual, that the three critical vulnerabilities confirmed as patched are of the use-after-free memory variety really isn’t. The Open Worldwide Application Security Project defines a use-after-free vulnerability, which I have explained in more detail here, as something that happens when a program references heap-allocated memory after it has already been freed or deleted, which can result in data corruption and even arbitrary code execution.The July 14 Chrome security update referenced six such issues, two of which were rated critical.

The July 16 update has now raised the stakes, highlighting three critical use-after-free vulnerabilities. Google’s technical program manager, Daniel Yip, described them as follows:

All three are reported as being uncovered by Google itself, rather than external security researchers using the Google bug bounty program, which suggests that AI could have been involved once again and would help explain the speed at which new Chrome vulnerabilities are being found and, thankfully, patched.

Google has likely already rolled out this latest update to you; if you are asked to relaunch your browser, then it has. If not, you can use the three-dot Chrome menu to manually start the update search, download and installation process.

This article was originally published by Forbes ↗. citations.press indexes the source-backed facts above and links to the original. Something wrong? Corrections policy · Report an error