Google has released Chrome 151 with fixes for 382 security vulnerabilities, marking one of the largest single-release patch batches in the browser’s history. The update was announced Tuesday and continues a trend of accelerating vulnerability discovery that Google attributes, at least in part, to AI tooling, though the company has not publicly identified which specific tools are involved.
Breakdown by Severity
Of the 382 patched flaws, the severity distribution breaks down as follows:
- Critical: 15
- High: 67
- Medium: 169
- Low: 131
Google researchers identified 358 of the 382 vulnerabilities internally, with the remainder reported externally.
Vulnerability Classes and Attack Scenarios
The patched issues span several common vulnerability categories, including use-after-free, out-of-bounds read and write, type confusion, uninitialized use, insufficient input validation, and incorrect security UI. A significant portion of the flaws affect the renderer process and can be triggered through crafted web content.
In practical terms, renderer-targeting bugs of this class can allow a remote attacker to achieve arbitrary code execution within the renderer sandbox. In more serious scenarios, vulnerabilities that enable sandbox escape could lead to arbitrary code execution at the operating system level. Security teams running Chrome in enterprise environments should treat critical and high-severity items here as priority patching candidates.
No Active Exploitation Reported
Google’s advisory for Chrome 151 does not flag any of the 382 vulnerabilities as currently exploited in the wild. This distinguishes the release from earlier updates this year. Google patched its fifth actively exploited zero-day of 2026 earlier in the same month, separate from this batch.
AI-Driven Discovery Trend
The volume of internally discovered vulnerabilities in recent Chrome releases is notable. Google has acknowledged that AI is likely contributing to the surge in findings but has stopped short of detailing specific methodologies or tools. Security researchers should expect this cadence to continue as AI-assisted fuzzing and code analysis mature within large vendor security programs.
Chrome 151 is available through the standard update channel. Organizations relying on Chrome-based browsers or embedded Chromium runtimes should verify update deployment promptly given the number of critical and high-severity items addressed.
