Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
AsyncRAT Campaign Leverages ScreenConnect to Evade Detection
July 2, 2026
AsyncRAT Campaign Exploits Cloudflare Tunnels and Python for Malware Delivery
July 2, 2026
New Microsoft 365 Phishing Uses OAuth Device Code Flow to Steal Tokens
July 2, 2026
Home/CyberSecurity News/Critical Chrome Vulnerabilities Let Attackers Execute Remote Code
CyberSecurity News

Critical Chrome Vulnerabilities Let Attackers Execute Remote Code

Key Takeaways Google has released an urgent security update for its Chrome desktop browser, patching 30 vulnerabilities. Four of these flaws are critical, enabling remote code execution (RCE)...

David kimber
David kimber
April 29, 2026 3 Min Read
35 0

Key Takeaways

  • Google has released an urgent security update for its Chrome desktop browser, patching 30 vulnerabilities.
  • Four of these flaws are critical, enabling remote code execution (RCE) attacks.
  • The update brings the Stable channel to version 147.0.7727.137/138 for Windows and Mac, and 147.0.7727.137 for Linux.
  • Users are strongly advised to update immediately to prevent potential exploitation.

Critical Chrome Vulnerabilities Addressed in Urgent Update

Google has issued a vital security update for its Chrome desktop browser, addressing a total of 30 security vulnerabilities. Among these, four are classified as critical, posing a significant risk of Remote Code Execution (RCE).

Table Of Content

  • Key Takeaways
  • Critical Chrome Vulnerabilities Addressed in Urgent Update
  • Understanding the “Use-After-Free” Vulnerabilities
  • Temporary Disclosure Restrictions and Bug Bounties
  • What You Should Do

The Stable channel has been updated to version 147.0.7727.137/138 for Windows and Mac users, while Linux installations will receive version 147.0.7727.137. Google is rolling out this essential update progressively over the coming days and weeks to ensure a smooth and stable deployment across its vast user base.

Understanding the “Use-After-Free” Vulnerabilities

A majority of the severe flaws resolved in this release are “Use-After-Free” memory vulnerabilities. This type of bug arises when an application attempts to access a memory location that has already been deallocated or freed. Such memory mismanagement can lead to unpredictable browser crashes, severe data corruption, and, most critically, arbitrary code execution.

Successful exploitation of these vulnerabilities could allow remote attackers to execute malicious commands on a victim’s machine. This can occur simply by convincing a user to visit a specially crafted malicious webpage. Crucially, these attacks often require no additional user interaction and could potentially bypass Chrome’s built-in sandbox protections, leading to a compromise of the underlying operating system.

Temporary Disclosure Restrictions and Bug Bounties

In line with industry best practices, Google is temporarily restricting public access to specific bug details and exploit links. This measure is implemented until a significant portion of the user base has successfully applied the security patch, thereby preventing threat actors from reverse-engineering the fixes to launch attacks against unpatched systems.

Google has acknowledged the contributions of security researchers by awarding bug bounties. Notable payouts include $16,000 for a high-severity GPU flaw and $7,000 for a critical Canvas issue.

Below is a summary of some of the most critical and highly rewarded vulnerabilities addressed in this Chrome release, as detailed in the official Chrome Releases blog:

  • CVE-2026-7363: A critical use-after-free vulnerability discovered in the Canvas component, reported by heapracer, earning a $7,000 bounty.
  • CVE-2026-7361: A critical use-after-free vulnerability impacting iOS, identified by Google, with the bounty amount yet to be determined.
  • CVE-2026-7344: A critical use-after-free vulnerability found in the Accessibility component, reported by Google, with a pending bounty.
  • CVE-2026-7343: A critical use-after-free vulnerability located in the Views component, reported by Google, with a pending bounty.
  • CVE-2026-7333: A high-severity use-after-free vulnerability within the GPU component, reported by c6eed09fc8b174b0f3eebedcceb1e792, awarded a $16,000 bounty.

What You Should Do

  • Update Immediately: Individuals and network administrators are strongly urged to update their Google Chrome browsers without delay.
  • Check for Updates: Navigate to Help → About Google Chrome within your browser to initiate the update process.
  • Restart Browser: A quick browser restart is essential to fully apply the latest protections and mitigate risks.
  • Enterprise Deployment: Administrators managing enterprise environments should prioritize the rapid deployment of Chrome version 147.0.7727.137/138 across their networks to safeguard against potential intrusions.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitHackerPatchSecurityThreatVulnerability

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Vect 2.0 RaaS Targets Windows, Linux, and ESXi Systems

Next Post

LofyStealer Targets Minecraft Players with Node.js Loader and Browser Injection

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Citrix Bleed (CVE-2023-4966) Critical Vulnerability Actively Exploited
July 2, 2026
DHS Confirms Breach of HSIN Information Sharing Network
July 2, 2026
ChatGPT Flaw Exposes User Files, Poses System Access Risk
July 2, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us