HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Google Releases Two Chrome Updates in Two Days to Patch 27 Vulnerabilities, Including Two Critical Use‑After‑Free Flaws

Google issued back‑to‑back Chrome updates that close 27 security flaws, two of them critical use‑after‑free bugs. The rapid patch cycle illustrates why SOC 2‑ready organizations must maintain documented, continuously‑monitored patch‑management controls.

LiveThreat™ Intelligence · 📅 July 10, 2026· 📰 malwarebytes.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
3 recommended
📰
Source
malwarebytes.com

Google Releases Two Chrome Updates in Two Days to Patch 27 Vulnerabilities, Including Two Critical Use‑After‑Free Flaws

What Happened — On July 8 2026 Google pushed a Chrome Stable‑channel update (150.0.7871.115) just one day after the prior release (150.0.7871.114). Together the two patches address 27 security flaws, two of which are critical use‑after‑free memory bugs that could allow remote code execution. Google reports no active exploitation in the wild.

Why It Matters for Compliance & Audit Readiness

  • The rapid patch cadence underscores the need for a documented, continuously‑monitored patch‑management process—exactly the type of control SOC 2 CC 6.1 (System Operations) expects.
  • Evidence of timely updates (e.g., version‑tracking logs) serves as audit‑ready proof that the organization mitigates known software vulnerabilities.
  • Mapping this patch‑management activity to a Control Mapping capability provides a reusable evidence set for future SOC 2 examinations.

Who Is Affected – Enterprises that rely on Chrome for web access across Windows, macOS, and Linux—spanning technology, finance, healthcare, and virtually any sector with a browser‑centric workforce.

Recommended Actions

  • Verify that all corporate endpoints run Chrome 150.0.7871.115 or later; use automated inventory tools to detect lagging versions.
  • Capture version‑state logs and update timestamps as continuous compliance evidence for SOC 2 CC 6.1.
  • Incorporate the patch‑management workflow into your control‑mapping repository to demonstrate due‑diligence during audits.

Source: Malwarebytes Labs – Two Chrome updates in two days fix critical vulnerabilities

Technical Notes – Both critical flaws are use‑after‑free memory errors that could enable arbitrary code execution. No CVE IDs were disclosed at time of writing; Google’s security advisory confirms the vulnerabilities are unexploited.

📰 Original Source
https://www.malwarebytes.com/blog/news/2026/07/two-chrome-updates-in-two-days-fix-critical-vulnerabilities

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →