{
"title": "Chrome 150.0.7871.47 Rushes Out Fix for Critical Font Vulnerability — Update Immediately",
"content": "This week, Google released Chrome 150.0.7871.47 to the stable channel, fixing a critical security vulnerability tracked as CVE-2026-13938. The flaw, an integer overflow in the browser’s font-handling engine, allows a remote attacker to trigger an out-of-bounds memory write—potentially leading to arbitrary code execution—if a user simply visits a malicious website. All Chrome users on Windows, Mac, and Linux are urged to apply the patch immediately.
What actually changed with this Chrome update
Chrome 150.0.7871.47 specifically patches CVE-2026-13938 in the font processing pipeline. According to Google’s advisory, the vulnerability resides in a component that parses font files. When the browser loads a web page that includes a specially crafted font, an integer overflow can occur during buffer size calculations, resulting in a write operation that lands outside the intended memory allocation. This out-of-bounds write can corrupt critical data structures and, if exploited successfully, give an attacker control over the browser process.
Google has classified CVE-2026-13938 as Critical, the highest severity rating for a browser flaw. The update is now rolling out via Chrome’s automatic updater, and users can manually trigger it by going to chrome://settings/help. The rollout is staggered, so it may take a few days to reach all systems. In addition to the font bug, this release includes other security fixes, but details are being withheld to protect users until a majority have updated.
An integer overflow is a classic memory safety bug. It happens when a mathematical operation exceeds the maximum value a variable can hold