Google confirms security update for billions of users.
NurPhoto via Getty Images
When around 40% of the population of the planet uses the same web browser, security issues that impact it become an equally big thing. With an estimated 3.5 billion users, Google Chrome is that browser, and a new alert has just been issued concerning the latest security update. Although this one concerns only three cataloged vulnerabilities, compared to the quite staggering 60 Chrome security flaws as I reported at the start of the month, that doesn’t make it a non-story. According to Chrome’s Srinivas Sista, the latest update actually fixes 19 security issues, but only the three vulnerabilities disclosed by external researchers have been listed in the update alert.
The good news, of course, is that Google has started rolling out an update for all Chrome users that addresses all of the security issues that have been found. The bad is that Google has acknowledged it could take days, or even weeks, to reach all of those users. Here’s what we know and what you need to do next to ensure that you are protected against any potential threats arising from the vulnerabilities as soon as possible.
Google Chrome 147.0.7727.116 — Update Now As New Security Vulnerabilities Confirmed
According to the latest Google Chrome security update announcement, users of the browser on Windows, Linux and Mac should watch out for an update taking them to version 147.0.7727.116, or potentially 147.0.7727.117 for some Windows and Mac users, in the near future. Android users should also update their apps, as this will address any of the same security issues that apply to them.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Sista said, adding that Google will also “retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
So, what do we know? Well, the three bugs that have been given official Common Vulnerabilities and Exposures severity ratings, and are listed in the Google posting, are as follows:
CVE-2026-6919 is a high-severity use-after-free vulnerability in the Chrome DevTools component, which could, if exploited, allow an attacker to escape the security sandbox by way of a maliciously crafted web page.
CVE-2026-6920 is a high-rated out-of-bounds read vulnerability in the GPU, and it appears to have similar payload ability to CVE-2026-6919 from what I can tell.
CVE-2026-6921, meanwhile, is a medium-severity GPU vulnerability, with the same outcomes, but this time using a malicious video file.
Thankfully, Chrome updates are handled automatically. But it never hurts to kickstart the process rather than wait. You can do this by using the three-dot menu in your browser and heading for Help|About Google Chrome. Just make sure you follow the final instruction to relaunch the browser, or the update will not activate.
