Critical WebGL Vulnerabilities Patched
Google has released an urgent security update for Chrome, addressing 18 vulnerabilities in the latest stable build. Among these are four critical severity flaws, two of which could allow attackers to escape the browser’s sandbox. The update brings Chrome to version 149.0.7827.196/197 for Windows and Mac, and 149.0.7827.196 for Linux, with an Android update also available at 149.0.7827.197.
The two most concerning vulnerabilities are use-after-free flaws in WebGL, a technology for rendering 2D and 3D graphics in the browser. Tracked as CVE-2026-13028 and CVE-2026-13032, both could be exploited by an attacker using a specially crafted HTML page. Use-after-free bugs occur when a program continues to reference memory after it has been freed, allowing an attacker to crash the program or execute arbitrary code.
How to Update and Protect Yourself
While there is no evidence these flaws are being actively exploited, Google has confirmed multiple Chrome zero-days earlier this year. Users should update immediately to mitigate risk. To manually update, open Chrome, click the three-dot menu, navigate to Settings, then About Chrome. The browser will automatically download the available update. After restarting the browser, the patch will be applied.
For continuous protection, security experts recommend using browser extensions that block malicious sites and phishing pages. Keeping Chrome updated is critical because sandbox escape vulnerabilities, when combined with other bugs, could allow attackers to take full control of a system.
Source: Malwarebytes
