Google released out-of-band security updates for Chrome (CVE-2026-2211) and Android (CVE-2026-2198), both rated Critical and confirmed exploited in the wild. Chrome's flaw enables sandbox escape; Android's allows privilege escalation without user interaction.
Google released an emergency update for Chrome on April 22, 2026, addressing CVE-2026-2211, a critical use-after-free vulnerability in Chrome's GPU process. This vulnerability allows an attacker to escape Chrome's security sandbox — the isolation layer that prevents malicious web content from accessing the underlying operating system. A user visiting a malicious website or clicking a malicious link is sufficient to trigger the exploit. Once the sandbox is escaped, the attacker can execute code with the privileges of the Chrome process on the victim's system. Google's Threat Analysis Group confirmed active exploitation in targeted attacks before the patch was released. Update Chrome by going to Help > About Google Chrome and restarting after the update downloads.
Google's April 2026 Android Security Bulletin includes a patch for CVE-2026-2198, a critical privilege escalation vulnerability in the Android kernel's Bluetooth subsystem. The vulnerability is particularly dangerous because it requires no user interaction: an attacker within Bluetooth range of an affected device can exploit it to gain elevated privileges on the device. Exploits of this kind, sometimes called "zero-click" exploits, are especially valuable to sophisticated attackers because they leave no trace of user interaction. Google confirmed active exploitation in targeted attacks. The patch is included in the April 2026 Android Security Patch Level (2026-04-05).
For Chrome: open Chrome, click the three-dot menu, go to Help > About Google Chrome, and allow the update to download. Restart Chrome when prompted. Verify you are running version 135.0.7049.84 or later. For Android: go to Settings > System > System Update and check for the April 2026 security update. Update availability depends on your device manufacturer and carrier; Samsung, Google Pixel, and other major manufacturers typically release updates within days of Google's bulletin. For business environments, use your Mobile Device Management (MDM) solution to push the update to all managed Android devices and set a compliance deadline. Devices that have not applied the update by your deadline should be restricted from accessing corporate resources.
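One way to automate the version check and compliance deadline described above, as an added example that is not part of the original advisory. The inventory field names, the sample devices and the deadline date are constructed assumptions; the minimum versions are the ones stated on this page.

```python
from datetime import date

# Minimum versions stated in the advisory above.
MIN_CHROME = (135, 0, 7049, 84)
MIN_ANDROID_SPL = date(2026, 4, 5)

def chrome_patched(version):
    """Compare dotted versions numerically; a plain string comparison
    would wrongly rank '135.0.7049.100' below '135.0.7049.84'."""
    try:
        return tuple(int(p) for p in version.split(".")) >= MIN_CHROME
    except (AttributeError, ValueError):
        return False  # missing or unparseable counts as unpatched

def android_patched(spl):
    """Android security patch levels are ISO dates (YYYY-MM-DD)."""
    try:
        return date.fromisoformat(spl) >= MIN_ANDROID_SPL
    except (TypeError, ValueError):
        return False

def assess(device, today, deadline):
    """Return 'compliant', 'pending' (still before the deadline) or 'restrict'."""
    checks = []
    if "chrome" in device:
        checks.append(chrome_patched(device["chrome"]))
    if "android_spl" in device:
        checks.append(android_patched(device["android_spl"]))
    # A device reporting neither value is unknown, so it is not compliant.
    if checks and all(checks):
        return "compliant"
    return "pending" if today <= deadline else "restrict"

# Constructed sample inventory (hypothetical field names, as an MDM export might use).
INVENTORY = [
    {"name": "laptop-01", "chrome": "135.0.7049.100"},
    {"name": "laptop-02", "chrome": "135.0.7049.83"},
    {"name": "phone-01", "android_spl": "2026-04-05", "chrome": "135.0.7049.84"},
    {"name": "phone-02", "android_spl": "2026-03-01"},
    {"name": "phone-03", "android_spl": None},
]
DEADLINE = date(2026, 5, 1)  # constructed compliance deadline

def report(today):
    """Map each device name to its compliance state on the given day."""
    return {d["name"]: assess(d, today, DEADLINE) for d in INVENTORY}

if __name__ == "__main__":
    for name, state in report(date(2026, 5, 2)).items():
        print(f"{name:10} {state}")
```

Devices reported as `restrict` are the ones to block from corporate resources once the deadline has passed.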