On 2 July 2026, Google released what security researchers are calling a “whopper” Chrome security update, addressing
382 issues in its popular Chrome browser
. For the estimated three billion Chrome users worldwide—including countless UK SMEs who rely on the browser for email, cloud applications, and everyday business tasks—this represents one of the largest single security releases in browser history, and it demands immediate attention.
This comes just weeks after
Google squashed 429 Chrome security bugs
in June, marking an unprecedented volume of security fixes. Combined with Microsoft’s record-breaking 206-vulnerability Patch Tuesday in June 2026, the sheer scale of vulnerabilities being discovered and patched has reached new heights—and UK businesses need to understand why.
What Makes This Chrome Security Update So Critical?
Among the 382 security fixes are 358 found by Google itself, with 15 of those rated as Critical
. Google assigns the Critical severity rating to vulnerabilities that could allow an attacker to run arbitrary code outside the browser’s sandbox—the highest threat tier on its rating scale.
According to malware intelligence researcher Peter Arntz at Malwarebytes, one particularly serious vulnerability stands out:
CVE-2026-13789, a use-after-free flaw in GPU that allows a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page
.
Why does this matter?
“Vulnerabilities that allow an attacker to escape the sandbox — which means it can impact the whole device — are valuable if you can chain them with others,” Arntz explains. “The browser sandbox is a restricted, sealed-off environment that is supposed to contain any malicious activity within the browser rather than directly on your whole computer.”
A sandbox escape means an attacker could potentially break out of Chrome’s protective boundaries and gain access to the wider operating system, business files, and network resources.
Why Are We Seeing Record Vulnerability Numbers?
The unprecedented volume of security updates isn’t just from Chrome.
The increased velocity of security releases by Google, Apple and Microsoft is driven by artificial intelligence, which is being used by defenders to find flaws in software
. This is positive news—it means security teams are finding and fixing vulnerabilities before threat actors can weaponise them.
However, it also means businesses face an accelerating patch cycle.
The Chrome browser is moving to a two-week release cycle from September 2026, a change intended to give developers and users faster access to new features, performance improvements and bug fixes
.
For UK SMEs, this represents both a challenge and an opportunity: faster patches mean better security, but only if your organisation has robust update processes in place. If you’re still managing patches reactively or relying on users to handle their own updates, you’re falling behind—particularly given the shift to vulnerability exploitation as the top cyber threat in 2026.
The AI Arms Race in Cybersecurity
Both attackers and defenders are now using AI to accelerate their work. Google’s internal tools use
code sanitizer tools and fuzzing techniques to find vulnerabilities, and the company is on the list allowed to use advanced AI platforms to help find these vulnerabilities
.
Unfortunately, threat actors have access to similar technologies. Our recent coverage of AI-driven cyber threats facing UK SMEs detailed how automated attacks are becoming faster and more sophisticated.
How to Update Chrome Immediately (All Devices)
The stable channel has been updated to 150.0.7871.46/.47 for Windows and Mac, 150.0.7871.46 for Linux, and 150.0.7871.63 for Android. Google says the update will roll out over the coming days and weeks
—but waiting for the automatic rollout puts your business at unnecessary risk.
Here’s how to update manually across all platforms:
Windows, Mac, and Linux Desktop
- Open Chrome and click the three-dot menu (top right)
- Navigate to Settings
- Click About Chrome from the left menu
- Chrome will automatically check for and download the latest version
- Important: Click Relaunch when prompted—the security update doesn’t activate until you restart the browser
Android and ChromeOS
- Open the Google Play Store (Android) or system updater (ChromeOS)
- Search for Chrome or check for system updates
- Install any available updates
- Restart the browser or device if prompted
For IT Administrators Managing Multiple Machines
If you manage Chrome across a fleet of devices, you should:
- Deploy the update through your enterprise management tools (Google Admin Console, Microsoft Intune, or similar)
- Verify that Chrome’s automatic update mechanism hasn’t been disabled by group policy or extensions
- Check that the Chrome update service is running on all Windows machines
- Use reporting tools to confirm all endpoints are running version 150.0.7871.46 or higher
- Document the update as part of your business continuity planning
Chrome’s New Two-Week Release Cycle: What It Means for Your Business
From September 2026, Chrome will move to a bi-weekly release schedule rather than the current four-week cycle. This change will affect how UK businesses need to approach browser management.
“While releases will be more frequent, their smaller scope minimizes disruption and simplifies post-release debugging. And thanks to recent process enhancements, we are confident this shift will maintain our high standards for stability,” Google’s Chrome Browser Release Team stated
.
For organisations concerned about the maintenance burden,
Google recommends the two-week Stable option as the most secure choice for enterprise users when security outweighs maintenance costs
. There is an Extended Stable channel available, but it comes with longer exposure windows to newly discovered threats.
Don’t Rely on Automatic Updates Alone
Many businesses assume Chrome updates automatically, so there’s nothing to worry about. This is dangerously complacent.
You can end up lagging behind on updates if you never close your browser or if something goes wrong, such as an extension preventing the update
.
Common reasons Chrome updates fail include:
- Users leaving browsers open for days or weeks at a time
- Problematic browser extensions blocking the update process
- Corporate policies accidentally disabling the Chrome update service
- Users dismissing update notifications without restarting
- Network restrictions preventing access to Google’s update servers
Given the doubled revenue impact of cyber breaches for UK SMEs in 2026, leaving browsers unpatched is a risk no business can afford.
What This Means for Your Broader Security Posture
The Chrome update is just one piece of a much larger security puzzle. The fact that we’re seeing record-breaking patch volumes from Microsoft, Google, and Apple simultaneously tells us that the threat landscape has fundamentally shifted.
UK SMEs should consider this a wake-up call to review their entire vulnerability management approach:
- Inventory all software: You can’t patch what you don’t know you have
- Establish patch windows: Critical updates like this Chrome release should be deployed within 14 days (the Cyber Essentials requirement)
- Test and deploy systematically: Use pilot groups to catch issues before wide deployment
- Monitor for compliance: Regular audits should verify all systems are up to date
- Train users: Staff need to understand why updates matter and how to apply them
If your organisation struggles with any of these areas, it may be time to consider professional IT support services that include proactive patch management and comprehensive security monitoring.
Take Action This Week
With 15 critical vulnerabilities now publicly documented, threat actors will be reverse-engineering these patches to create exploits targeting unpatched systems. The clock is already ticking.
Here’s your immediate action plan:
- Update Chrome now on all business devices (don’t wait for the automatic rollout)
- Verify the update took effect by checking your Chrome version matches 150.0.7871.46 or higher
- Document the update in your security log to demonstrate compliance
- Review your patch management process to ensure you’re ready for Chrome’s bi-weekly release schedule from September
- Consider browser management tools if you’re struggling to keep all endpoints current
The scale of this Chrome update—382 vulnerabilities in a single release—isn’t an anomaly. It’s the new normal as AI accelerates both vulnerability discovery and exploitation. UK businesses that treat security updates as optional or “when we get around to it” tasks are exposing themselves to preventable breaches.
Need Help Managing Security Updates Across Your Business?
At Meridian Micro, we help Kent and South East businesses stay secure without the stress of managing constant security updates. Our managed IT support services include proactive patch management, security monitoring, and comprehensive backup solutions that protect your business even if the worst happens.
If you’re concerned about keeping up with the accelerating pace of security updates—or if you simply want peace of mind that your systems are properly protected—get in touch with our team today on 01303 883111. We’ll assess your current security posture and show you how to stay protected without disrupting your business operations.
