Chrome 144 Security Alert: V8 & Libvpx Flaws Expose Systems to Hacks

The Stable channel for desktop users has just received a crucial security update, patching two high-severity vulnerabilities that could leave systems exposed to exploitation. The release bumps the version to 144.0.7559.132/.133 for Windows and Mac, and 144.0.7559.132 for Linux, with a rollout expected over the coming days and weeks.

While the update brings the usual performance tweaks, the spotlight is on two critical security fixes that address deep-seated memory and logic errors in core components.

The most notable fix targets the V8 JavaScript engine, the heart of the browser’s ability to process complex web code. Tracked as CVE-2026-1862, the vulnerability is described as a “Type Confusion” bug.

Type confusion errors are a favorite among attackers because they allow a program to access memory using the wrong “type” of object—effectively tricking the engine into reading or writing data it shouldn’t access. If successfully exploited, this can lead to browser crashes or, in worse scenarios, arbitrary code execution.

The second high-severity patch, CVE-2026-1861, addresses a “Heap buffer overflow” in libvpx, a widely used software video codec library.

Heap buffer overflows occur when a program writes more data to a memory buffer than it can hold, spilling over into adjacent memory space. In the context of a video library, a malicious actor could potentially craft a specific video file that, when processed, triggers this overflow to crash the system or hijack control flow.

As is standard practice, access to the specific details of these bugs is currently restricted. The development team notes that “links may be kept restricted until a majority of users are updated with a fix.” This precaution prevents threat actors from reverse-engineering the patch to create an exploit before the general public has had a chance to secure their machines.

Users on Windows, Mac, and Linux are urged to check for updates immediately to ensure they are protected against these high-risk vulnerabilities.

Related Posts:

• Firefox Alert: Zero-Interaction Exploit in libvpx Allows Arbitrary Code Execution
• CVE-2023-42824 & CVE-2023-5217: Two Zero-Day Vulnerabilities in Apple Ecosystem
• libaom Video Codec Library Exposed: Critical CVE-2024-5171 Vulnerability with CVSS 10