In the new Chrome versions 147.0.7727.137/138 for Windows and macOS and 147.0.7727.137 for Linux, a whopping 30 security vulnerabilities have been patched in the lead up to the next generation of Chrome. None of these vulnerabilities are being exploited in the wild yet.
In the Chrome Releases blog post, Srinivas Sista lists all the vulnerabilities that have been fixed, not just the ones discovered by external security researchers. Around two-thirds of the vulnerabilities, from CVE-2026-7333 to CVE-2026-7363, were discovered by Google employees. A vulnerability in WebRTC was reported by Mozilla.
Google classifies four of the vulnerabilities as critical, which are all use-after-free (UAF) vulnerabilities in various components. Use-after-free vulnerabilities also dominate the rest of the patched vulnerabilities, accounting for just under two-thirds of the entire list. We also see a type confusion in the V8 JavaScript engine. On top of the vulnerabilities classified as high risk, there are three others with a medium risk rating.
Chrome usually updates automatically when a new version is available. You can manually check for updates via the menu item Help > About Google Chrome.
Google has also released Chrome for Android 147.0.7727.137 this week. The Android version addresses the same vulnerabilities as the desktop versions. The Extended Stable Channel for Windows and macOS now includes Chromium version 146.0.7680.216.
The release of Chrome 148 is expected in early May.
Tip: Whether you keep your browser up to date, you need proper antivirus protections if you want your PC to remain secure and private. Check out our picks for the best antivirus software for Windows as well as best VPN services to stay ahead of security problems.
