Do Son 
Google has officially promoted Chrome 144 to the stable channel, rolling out a crucial security update that addresses 10 vulnerabilities, including three high-severity flaws that could compromise the browser’s rendering and JavaScript engines.
The update, versioned as 144.0.7559.59 for Linux and 144.0.7559.59/60 for Windows and Mac, is currently being pushed to users worldwide.
The spotlight of this release falls heavily on V8, Google’s open-source high-performance JavaScript engine. Attackers frequently target V8 because successful exploitation can allow them to execute arbitrary code within the browser sandbox.
Leading the list of fixes is CVE-2026-0899, a high-severity “Out of bounds memory access” vulnerability in V8. This type of flaw allows a program to read or write memory outside of the intended boundaries, potentially leading to data corruption, crashes, or code execution. The discovery earned researcher @p1nky4745 a bounty of $8,000 .
Two other high-severity flaws were also patched:
- CVE-2026-0900: An “Inappropriate implementation” in V8, reported internally by Google.
- CVE-2026-0901: An “Inappropriate implementation” in Blink, the browser’s rendering engine, credited to researcher Irvan Kurniawan (sourc7).
Beyond the headline threats, the Chrome team patched several medium-severity issues. Notably, CVE-2026-0903 addresses “Insufficient validation of untrusted input in Downloads,” a flaw that could potentially be abused to bypass security checks on downloaded files . This discovery resulted in a $3,000 reward for researcher Azur .
Another medium-severity V8 flaw, CVE-2026-0902, was also resolved, carrying a $4,000 bounty .
Google has restricted access to the specific bug details until a majority of users have updated, preventing threat actors from reverse-engineering the patches to create exploits .
Users are strongly advised to verify their update status immediately by navigating to Menu > Help > About Google Chrome. If the browser hasn’t updated automatically, this action will trigger the download.
Related Posts:
- Google Chrome Patches Three High-Severity Flaws in V8 Engine
- Chrome Update Alert: Two High-Severity Flaws Patched – Update Now to Stay Safe!
- Google Chrome Emergency Update: High-Severity Memory Corruption Flaws Fixed in WebGPU and V8
- Chrome 143 Stable Fixes 13 Flaws: High-Severity V8 Type Confusion Earns $11,000 Bounty
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
