Google Ships Chrome 149 With 429 Bug Fixes as AI-Driven Reports Swell Vulnerability Counts
Updated
Updated · SecurityWeek · Jun 6
Google Ships Chrome 149 With 429 Bug Fixes as AI-Driven Reports Swell Vulnerability Counts
3 articles · Updated · SecurityWeek · Jun 6
Summary
Chrome 149 reached the stable channel with 429 patched vulnerabilities — a record for one release — including more than 100 critical and high-severity flaws.
CVE-2026-10881, rated 9.6, was the most severe: an ANGLE out-of-bounds read/write bug that could let attackers escape Chrome’s sandbox via crafted HTML and potentially run code on the host OS.
Google paid at least $208,000 in bounties, including $97,000 for CVE-2026-10881, $43,000 for a critical Network use-after-free flaw, and $5,000 for another critical ANGLE bug; final payouts may rise.
Most fixes targeted use-after-free and untrusted-input validation issues, while Google found 19 of the 22 critical bugs itself and disclosed only limited external reporting across high-, medium- and low-severity flaws.
The surge already exceeds several times Chrome’s 2025 fix count and aligns with a broader AI-driven jump in vulnerability discovery that prompted Google to lower Chrome bug bounties in April.
As AI finds flaws faster than humans can fix them, is the battle for cybersecurity already lost?
How can nations defend against AI-powered cyber warfare when exploits are developed before patches exist?
429 Flaws Fixed in Chrome 149: The AI-Driven Surge in Vulnerability Discovery and Its Systemic Impact
Overview
The cybersecurity landscape is rapidly evolving as shown by the Chrome 149 update, which fixed a record 429 security flaws, highlighting the ongoing challenge of protecting browsers against new threats. This surge in vulnerability discovery is driven by advancements in artificial intelligence and autonomous agents, which now actively seek out and even attempt to exploit weaknesses, changing how security flaws are found. While these AI systems make it easier to identify vulnerabilities, they also create new challenges for security teams, who must now focus more on verifying, prioritizing, and fixing the growing number of issues to protect user data and system integrity.