Chrome 144 Released With Fix for 10 Vulnerabilities in V8 Engine
Google has rolled out Chrome 144 to the stable channel across Windows, Mac, and Linux. This release addresses 10 security vulnerabilities, with a primary focus on the V8 JavaScript engine. The...
Google has rolled out Chrome 144 to the stable channel across Windows, Mac, and Linux. This release addresses 10 security vulnerabilities, with a primary focus on the V8 JavaScript engine.
The rollout is scheduled to reach users progressively over the coming days and weeks.
Critical Security Patches for V8 Engine
Chrome version 144.0.7559.59 for Linux and 144.0.7559.59/60 for Windows and Mac brings multiple security improvements, with six of the ten fixed vulnerabilities directly affecting the V8 JavaScript engine.
The most severe issue, CVE-2026-0899, involves an out-of-bounds memory access vulnerability in the V8 engine.
This high-severity flaw could allow attackers to access memory outside allocated boundaries, leading to information disclosure or system compromise.
| CVE ID | Severity | Component | Vulnerability Type |
|---|---|---|---|
| CVE-2026-0899 | High | V8 | Out of bounds memory access |
| CVE-2026-0900 | High | V8 | Inappropriate implementation |
| CVE-2026-0901 | High | Blink | Inappropriate implementation |
| CVE-2026-0902 | Medium | V8 | Inappropriate implementation |
| CVE-2026-0903 | Medium | Downloads | Insufficient validation |
| CVE-2026-0904 | Medium | Digital Credentials | Incorrect security UI |
| CVE-2026-0905 | Medium | Network | Insufficient policy enforcement |
| CVE-2026-0906 | Low | Security UI | Incorrect security UI |
| CVE-2026-0907 | Low | Split View | Incorrect security UI |
| CVE-2026-0908 | Low | ANGLE | Use after free |
Additional V8-related fixes include CVE-2026-0900 and CVE-2026-0902, both of which address improper implementations that could be exploited by malicious actors.
Beyond V8 engine fixes, Chrome 144 addresses vulnerabilities across multiple browser components.
CVE-2026-0901 resolves an inappropriate implementation in Blink, the rendering engine responsible for displaying web content.
The update also addresses security issues in the Digital Credentials and Split View features, with researcher Hafiizh receiving rewards totaling $1,500 for identifying these flaws.
A medium-severity vulnerability in Downloads (CVE-2026-0903) affecting input validation was fixed, along with network policy enforcement issues.
Google credited external security researchers with discovering eight of the ten vulnerabilities and paid out over $18,500 in bug bounty rewards.
Users should update their Chrome browsers immediately to benefit from these security enhancements.
The browser typically updates automatically, but users can manually check for updates by navigating to Settings > About Chrome.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.