Google has released Chrome 149, a security update that patches 18 severe vulnerabilities in the browser. According to SecurityWeek, more than half of the bugs are use-after-free defects, a class of memory corruption issues that can potentially allow attackers to execute arbitrary code on affected systems.
The update is considered critical, given the prevalence of use-after-free vulnerabilities in Chrome’s history and their frequent exploitation in real-world attacks. While SecurityWeek did not specify a CVSS score or deployment scale, the large number of high-severity fixes underscores the importance of immediate patching for both enterprise and individual users.
Use-after-free vulnerabilities occur when a program continues to reference memory after it has been freed, enabling attackers to overwrite data or redirect execution flow. The exact attack vectors for each bug have not been disclosed; Google typically withholds technical details until a majority of users have updated, in order to prevent active exploitation.
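The stale-reference pattern described above, as an added teaching example that is not Chrome code and not from Google or SecurityWeek: a constructed one-slot pool shows a reference outliving its object, next to a generation-checked handle that refuses the stale access. All names (`Session`, `Slot`, `Handle`, `pool_alloc`, `handle_get`) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a one-slot pool stands in for a heap that reuses freed
   memory at once. free() is never called, so the stale read is defined C. */
typedef struct { int owner_id; } Session;
typedef struct { Session obj; uint32_t gen; int live; } Slot;
typedef struct { Slot *slot; uint32_t gen; } Handle;  /* checked reference */
static Slot pool[1];

static Slot *pool_alloc(void) {
    Slot *s = &pool[0];
    if (s->live) return NULL;              /* slot still owned */
    s->obj.owner_id = 0;                   /* fresh object for the new owner */
    s->live = 1;
    return s;
}
static void pool_free(Slot *s) { s->live = 0; s->gen++; }  /* new generation */

/* Checked dereference: NULL when the handle predates the last free. */
static Session *handle_get(Handle h) {
    return (h.slot->live && h.slot->gen == h.gen) ? &h.slot->obj : NULL;
}

/* Bug pattern: raw pointer kept across free and reuse; returns what it reads. */
int stale_raw_pointer_read(void) {
    Slot *a = pool_alloc();
    Session *stale = &a->obj;              /* reference kept by old owner */
    stale->owner_id = 1;
    pool_free(a);                          /* lifetime of object 1 ends */
    Slot *b = pool_alloc();                /* same memory, new owner */
    b->obj.owner_id = 2;
    int seen = stale->owner_id;            /* old reference sees object 2 */
    pool_free(b);
    return seen;
}

/* Same sequence through a handle. Returns 1 if the stale handle is refused. */
int stale_handle_rejected(void) {
    Slot *a = pool_alloc();
    Handle h = { a, a->gen };              /* remembers the generation */
    pool_free(a);
    Slot *b = pool_alloc();
    int rejected = (handle_get(h) == NULL);
    pool_free(b);
    return rejected;
}

int main(void) {
    printf("stale read=%d rejected=%d\n", stale_raw_pointer_read(), stale_handle_rejected());
}
```

In a real allocator the stale read is undefined behaviour rather than a predictable value, which is why the only fix available to users here is the patched build.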
Google has not yet released a detailed advisory listing individual CVE identifiers or affected components. Users are advised to enable automatic updates or manually check for Chrome 149 via the browser’s About menu. No workarounds have been published; the sole mitigation is applying the update.
No threat actor attribution was provided in the source. While use-after-free bugs are a common target for exploit brokers, prompt patching remains the most effective defense against potential ransomware or spyware operations that leverage these flaws.