Chrome 149, released this week for Windows, macOS, and Linux, patches 429 security vulnerabilities in a single update, the highest total in the browser’s 18-year history. Google’s Chrome Releases blog confirms 22 of those flaws are critical, 371 were found by Google’s own engineering teams, and none had been actively exploited before the fix rolled out.
The scale points to Google’s AI-powered vulnerability detection tools, particularly Big Sleep, a joint project of Google DeepMind and Project Zero, running at a depth that manual code review cannot match. That total is already several times the number of Chrome security patches released across all of 2025, and it lands less than two weeks after Chrome 148’s third consecutive patch advisory.
## The Version Jump That Rewrote Chrome Records
Chrome 148’s advisory history offers the clearest baseline. Its initial stable release in early May patched 127 vulnerabilities, roughly double Chrome 147’s opening count. A mid-cycle security update three weeks later resolved 79 additional flaws. A third advisory last week added 151 more, bringing Chrome 148’s combined total to 357 across three rounds.
The current release cleared that full three-advisory tally on its first day of stable availability.
- 127 vulnerabilities patched in Chrome 148’s initial stable release (early May)
- 79 additional flaws fixed in Chrome 148’s mid-cycle security update
- 151 more addressed in Chrome 148’s third patch advisory last week
- 429 vulnerabilities patched in version 149 on its first day of stable release
Two days after the stable channel announcement, Srinivas Sista, who publishes Chrome’s security advisories at Google, posted the full vulnerability listing. That disclosure pace reflects machine-assisted classification running alongside patch development. The internal-discovery trajectory is visible in the advisory data: Google-discovered Chrome flaws numbered 16 in a mid-April update, 21 the following week, 100 in the May 5 advisory. By this release the internal count reached 371.
Post-release analysis from SecurityWeek noted the record tally is already several times the total number of Chrome security fixes published in all of 2025, suggesting AI-assisted audits are surfacing vulnerability backlogs that accumulated undetected in prior versions. Chrome 148’s trajectory, from 127 initial fixes to 357 across its full advisory cycle, was a preview of the same dynamic at smaller scale.
Chrome 150 is scheduled for the end of June.
## Big Sleep’s Fingerprints on 371 Fixes

### How Big Sleep Works
Big Sleep is an autonomous AI agent built through collaboration between Google DeepMind and Project Zero, Google’s internal elite security research team. Its function is scanning real production software for previously unknown security flaws and surfacing findings to human reviewers who confirm validity before a CVE (Common Vulnerabilities and Exposures entry, the cross-industry identifier for security flaws) gets assigned and a patch scheduled. Google’s 2026 AI threat intelligence report also describes CodeMender, an experimental companion tool that uses Gemini reasoning to automatically propose code fixes once a flaw is confirmed.
In August 2025, Big Sleep caught a high-severity issue in Chrome’s V8 JavaScript engine, the first public confirmation of the system finding a real-world Chrome vulnerability. A week later, it flagged CVE-2025-9478, a critical use-after-free flaw in ANGLE (Almost Native Graphics Layer Engine, Chrome’s cross-platform OpenGL translation layer) rated 9.8 on the CVSS severity scale. Both discoveries appear in Chrome release advisories credited to Big Sleep and treated identically to external researcher submissions.
Beyond Chrome, Google DeepMind reported in mid-2025 that the system had found 20 previously unknown vulnerabilities in widely used open-source tools including FFmpeg, the multimedia framework, and ImageMagick, the image-processing library bundled into millions of applications. With this release, the tool has effectively become a co-author on Chrome’s security advisory alongside Google’s human research teams.
### The Scale of Internal Discovery
The difference between those individual catches and this week’s batch is volume. Of the total findings in this release, Google’s teams contributed 371 and external researchers reported 58, a ratio of roughly 87 percent internal. That essentially inverts what Chrome advisories looked like a few years ago, when external researchers consistently led the contributor credits by a wide margin.
> The latest advancements in AI from Google and the broader industry have made it significantly easier to take a test case and explain the root cause, propose a suitable fix, and to find variants of known problems.
Google included that statement in its April 2026 Chrome Vulnerability Reward Program announcement, the same document that restructured bounty amounts for the categories AI now surfaces in volume. The shift is already visible for security researchers who specialized in use-after-free and input-validation bugs: their submission domain is narrowing, while the top-tier reward for chain exploits requiring human expertise has held its value.
## Vulnerability Types and the Components Most Exposed
Use-after-free (UAF) vulnerabilities, the class of memory flaw in which a program keeps using memory after it has already been freed, form the largest category at 110 instances. In a browser renderer, a UAF bug lets an attacker craft a web page that corrupts heap memory, potentially enabling a sandbox escape and code execution on the host machine. Insufficient validation of untrusted inputs accounts for 88 bugs, and inappropriate implementation covers 60 more. Those three types together total 258, with the remaining 171 spread across other flaw categories.
| Vulnerability Type | Count in This Release | Primary Risk |
|---|---|---|
| Use-after-free (UAF) | 110 | Heap corruption, sandbox escape |
| Insufficient validation | 88 | Input-handling bypass, arbitrary read/write |
| Inappropriate implementation | 60 | Policy and logic flaws |
| Other types | 171 | Varies by component |
By severity, the patch set spans 22 critical flaws (CVE-2026-10881 through CVE-2026-10902), 87 rated high, 226 rated medium, and 94 rated low. Critical and high-severity bugs together account for 109, slightly over a quarter of the batch.
ANGLE accounts for the most resolved bugs by browser component, with 37 patched vulnerabilities. Its high concentration reflects the complexity of translating WebGL calls across different graphics APIs and operating system driver stacks, a surface that creates consistent opportunities for memory-boundary errors. The extension interface and media handling each carry 18 patched flaws; including codec bugs, media handling reaches 28 total.
The most severe individual flaw is CVE-2026-10881, an out-of-bounds read and write in ANGLE rated 9.6 on the CVSS scale by Google. A remote attacker could exploit it via a crafted HTML page to escape Chrome’s sandbox and execute code on the host machine. Per the Chrome 149 security advisory, Google paid $97,000 to the external researcher who reported it. The remaining 21 critical CVEs, CVE-2026-10882 through CVE-2026-10902, were identified internally and carried no external bounty.
## Why Google Cut Bounties While Finding Record Bugs

### The April Restructuring
In April 2026, Google overhauled the Chrome Vulnerability Reward Program rules, removing low-severity issues from the program’s scope, tightening reproduction requirements for memory-safety bugs, and cutting individual payouts for categories where AI discovery has become routine. Full-chain browser exploits on current hardware still qualify for up to $250,000, with an additional $250,128 bonus for defeating MiraclePtr, Chrome’s memory-allocation protection system for non-renderer processes. Exploit bonuses are now capped at four per year under the revised rules, and everyday input-validation and logic-flaw reports earn smaller baseline rewards.
That restructuring came after Google paid a record $17.1 million in total bug bounties across all programs in 2025, pushing the all-time total to $81.6 million since the Vulnerability Reward Program launched in 2010. Google told researchers it expects aggregate 2026 payouts to rise despite lower per-bug rates, projecting that AI-assisted discovery will keep qualified submission volume elevated.
### When AI Finds Too Much
HackerOne’s Internet Bug Bounty (IBB) program, which covers critical open-source software, paused new submissions in early 2026 after AI-assisted research flooded maintainer queues faster than patches could ship. Anthropic published data showing its Claude models found 22 Firefox vulnerabilities in two weeks, 14 rated high severity, all confirmed and patched by Mozilla.
For this release’s external researcher pool, Google has so far paid approximately $209,000 in bounties covering those 58 externally reported bugs. The final figure will likely be higher: Google has yet to disclose amounts for over a dozen reports. The internally discovered bugs cost nothing in bounty but required substantial compute and human-review time to process at this volume.
The April VRP overhaul set different price points for these two categories: premium rewards for chain exploits requiring genuine human expertise, and smaller baseline floors for the volume bugs that AI now generates per release cycle.
## What Chrome Users Need to Do Now
None of the vulnerabilities in Chrome 149 were being exploited in the wild before the patch shipped. That zero-exploitation status held across all three Chrome 148 advisory rounds too. The pre-update risk was theoretical: no known attacker had weaponized any of these flaws before Google fixed them.
If AI tools can find this many bugs in a focused audit of Chrome’s current codebase, prior Chrome versions audited without this scale of automated scanning likely carried comparable backlogs that went undetected. That gap between what was present and what was visible has narrowed significantly with this release, but it existed across every major version before it. The bugs were probably always there; the tools to see them at scale are new.
Chrome updates automatically when a new version is available. To confirm you’re on version 149 or push the update on a managed device:
- Open Chrome and click the three-dot menu in the upper-right corner
- Select Help, then About Google Chrome
- Chrome displays your installed version and checks for pending updates automatically
- Relaunch the browser when prompted to complete the installation
On Windows and macOS, the correct version strings are 149.0.7827.53 or .54; Linux users land on 149.0.7827.53; Android has a separate build at 149.0.7827.59; iOS received 149.0.7827.45 last week. On devices managed under IT policy, Google’s Chrome enterprise update documentation covers managed-browser configurations. This release also ships PDF annotation and digital signing in the built-in viewer, the only user-facing features listed on Chrome’s own What’s New page.
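For a fleet rather than a single desktop, the same check can be run over an inventory export. This is an added example, not code from the article or from Google: the per-platform minimum builds are the version strings listed above, the inventory lines are constructed sample data, and the `host,platform,--version output` format is an assumption about how an admin tool might export them.

```python
"""Flag Chrome installs that predate the Chrome 149 security fixes.

Added example (not from the article or Google). The minimum builds are the
platform version strings the article lists; the inventory is constructed.
"""
import re
from typing import Optional

# Lowest build on each platform that carries the Chrome 149 fixes (from the article).
PATCHED_MIN = {
    "windows": (149, 0, 7827, 53),
    "macos": (149, 0, 7827, 53),
    "linux": (149, 0, 7827, 53),
    "android": (149, 0, 7827, 59),
    "ios": (149, 0, 7827, 45),
}

# Constructed inventory: "<host>,<platform>,<output of chrome --version>".
SAMPLE_INVENTORY = """\
ws-001,windows,Google Chrome 149.0.7827.54
ws-002,windows,Google Chrome 148.0.7745.120
mac-007,macos,Google Chrome 149.0.7827.53
lx-003,linux,Google Chrome 149.0.7827.52
ph-010,android,Chrome 149.0.7827.59
ph-011,ios,Chrome 148.0.7745.90
srv-x,linux,not installed
"""

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text: str) -> Optional[tuple]:
    """Extract the four-part Chrome version from '--version' output; None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(platform: str, version: Optional[tuple]) -> bool:
    """True when the build is at or above the platform's patched minimum.
    Unknown platforms and unparseable versions count as unpatched so they
    surface for follow-up instead of silently passing."""
    minimum = PATCHED_MIN.get(platform.lower())
    if minimum is None or version is None:
        return False
    return version >= minimum  # tuple comparison matches version ordering

def find_unpatched(inventory: str) -> list:
    """Return hostnames whose installed Chrome predates the 149 fixes."""
    unpatched = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, platform, raw = line.split(",", 2)
        if not is_patched(platform, parse_version(raw)):
            unpatched.append(host)
    return unpatched

if __name__ == "__main__":
    for host in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: Chrome build predates the 149 security fixes")
```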
Chrome 150 is due at the end of June. The number to beat is 429.