Google Releases Two Chrome Updates in Two Days to Patch 27 Vulnerabilities, Including Two Critical Use‑After‑Free Flaws
What Happened — On July 8 2026 Google pushed a Chrome Stable‑channel update (150.0.7871.115) just one day after the prior release (150.0.7871.114). Together the two patches address 27 security flaws, two of which are critical use‑after‑free memory bugs that could allow remote code execution. Google reports no active exploitation in the wild.
Why It Matters for Compliance & Audit Readiness
- The rapid patch cadence underscores the need for a documented, continuously‑monitored patch‑management process—exactly the type of control SOC 2 CC 6.1 (System Operations) expects.
- Evidence of timely updates (e.g., version‑tracking logs) serves as audit‑ready proof that the organization mitigates known software vulnerabilities.
- Mapping this patch‑management activity to a Control Mapping capability provides a reusable evidence set for future SOC 2 examinations.
Who Is Affected – Enterprises that rely on Chrome for web access across Windows, macOS, and Linux—spanning technology, finance, healthcare, and virtually any sector with a browser‑centric workforce.
Recommended Actions
- Verify that all corporate endpoints run Chrome 150.0.7871.115 or later; use automated inventory tools to detect lagging versions.
- Capture version‑state logs and update timestamps as continuous compliance evidence for SOC 2 CC 6.1.
- Incorporate the patch‑management workflow into your control‑mapping repository to demonstrate due‑diligence during audits.
Source: Malwarebytes Labs – Two Chrome updates in two days fix critical vulnerabilities
Technical Notes – Both critical flaws are use‑after‑free memory errors that could enable arbitrary code execution. No CVE IDs were disclosed at time of writing; Google’s security advisory confirms the vulnerabilities are unexploited.