Google has released an urgent update for Chrome on macOS, addressing a security vulnerability tracked as CVE-2026-13944. All Mac users running Chrome versions earlier than 150.0.7871.47 should update immediately and verify the new version to avoid potential exploitation.

What’s in the Update

Chrome 150.0.7871.47 for macOS is a targeted security patch that closes a vulnerability designated CVE-2026-13944. The fix is exclusive to Apple desktops and laptops — Windows, Linux, and Android versions of Chrome are unaffected. This is not a feature release; it is a surgical update that addresses a single flaw.

Details remain sparse in keeping with Google’s established practice of withholding technical specifics until a majority of users have applied the patch. The company assigns CVE identifiers through its internal vulnerability tracking system before public disclosure, and by the time an advisory reaches end users, the most critical details are often still restricted to the Chromium security team. What we do know is that the update is tagged as urgent and is rolling out through Chrome’s built-in update mechanism.

The version number itself — 150.0.7871.47 — follows Chrome’s standard four-part schema: a major milestone (150), a minor version (0), a build number (7871), and a patch number (47). For Mac users, this build is the only supported channel for the patch. If your browser’s “About Google Chrome” screen shows a lower number in any of those segments, you are vulnerable.

What You Need to Know Right Now

If you use Chrome on a Mac, this matters to you. The vulnerability is specific to macOS, meaning that even if you dual-boot into Windows on a Mac, the risk is present only in the macOS environment. However, because browser-based attacks often leverage web content — malicious websites, poisoned ads, or compromised third-party extensions — the threat model is broad. An attacker who lures a victim to a crafted page could potentially exploit the vulnerability to execute code, steal data, or escalate privileges, though the exact attack vector remains undisclosed.

Google’s decision to push a targeted update without waiting for its regular bi-weekly release cycle suggests the issue is serious enough to warrant an out-of-band fix. Security researchers often track such patches to gauge whether a vulnerability is being actively exploited “in the wild.” At the time of publication, Google has not confirmed active exploitation, but the urgency of the release speaks for itself.

Mac users who rely on alternative Chromium-based browsers, such as Microsoft Edge, Brave, Vivaldi, or Opera, should note that fixes for those browsers typically lag behind Chrome’s upstream releases. While those browsers have their own update schedules and may integrate this patch within days, there is no guaranteed timeline. The safest immediate action is to switch to Chrome for Mac and ensure it is updated to 150.0.7871.47.

How We Got Here: Chrome’s Security Patching Cadence and the macOS Factor

Google Chrome follows a six-week major release cycle, with security fixes often bundled into milestone updates. Critical vulnerabilities, however, can trigger an out-of-band update — a process that has been refined over more than a decade. The Chrome security team maintains a tight feedback loop with external researchers through its Vulnerability Reward Program, and when a submission is deemed severe enough, a fix is developed, tested, and shipped within days.

Historically, Chrome has suffered relatively few macOS-specific vulnerabilities compared to cross-platform issues, but they are not unprecedented. In 2019, CVE-2019-13720 (a use-after-free in audio) was one such case that Google eventually disclosed after a targeted campaign. More recently, Apple’s own security improvements — including tighter sandboxing and library validation — have made macOS a moving target for exploit developers, and vulnerabilities that bypass these protections can be highly valuable.

Chrome’s rapid update delivery is a double-edged sword. On one hand, users benefit from quick patches; on the other, enterprise IT departments struggle to deploy updates across fleets of managed devices before attackers reverse-engineer the fix. Google often publishes limited information at first, then provides a more complete write-up once a significant percentage of users have updated — a process known as “resource omission” designed to slow down exploit development.

Step-by-Step: Update Chrome for Mac

  1. Open Google Chrome on your Mac.
  2. Click the three-dot menu in the upper-right corner, then navigate to Help > About Google Chrome.
  3. Chrome will automatically check for updates and begin downloading the latest version.
  4. Once the download completes, click the Relaunch button to restart the browser.
  5. After relaunch, return to About Google Chrome and verify that the version reads 150.0.7871.47 (the full string, including both the build and patch numbers).

If the update fails to download — for instance, if you receive a message about network issues or administrative policies — try quitting Chrome completely and reopening it to restart the update check. In some cases, a system restart may be required. For users who manage multiple profiles, ensure each profile triggers the update check individually.

What If You Run Enterprise or Managed Devices?

IT administrators overseeing Mac fleets should leverage their device management platform to force-update Chrome. Google provides management policies that can be deployed via Jamf, Kandji, or Microsoft Intune:

  • Set the ChromeUpdatesEnabled policy to true.
  • Configure ChromeUpdatesMinimumVersion to 150.0.7871.47 to prevent users from running older versions.
  • Use ChromeBrowserCloudManagementEnrollmentToken to enroll browsers in cloud management for faster update rollouts.

Managed environments should also audit existing installations using tools like Munki or AutoPkg to confirm that all Mac endpoints have applied the patch. A staggered rollout — pushing the update to a test group first, then to all users — can catch compatibility issues with internal web applications before widespread deployment.

Outlook: What to Watch Next

Google will likely publish additional details on the Chromium bug tracker once enough users have applied the update, so keep an eye on the official Chrome Releases blog for a post titled something like "Stable Channel Update for Desktop (macOS)." Security researchers and exploit brokers will be dissecting the patch to understand the vulnerability, and it’s possible that proof-of-concept code could surface within weeks. For now, the immediate priority is simple: update and verify. Enable automatic updates in Chrome (Settings > Privacy and Security > Security > Always use secure connections and ensure auto-updates are turned on), and consider following the Chrome Security team’s advisories for future early warnings.