Chrome Update Patches Critical Background Fetch API Flaw
A critical security vulnerability impacting Chrome’s Background Fetch API has prompted an urgent update. Google has released versions 144.0.7559.109 and 144.0.7559.110 to the stable channel to...
A critical security vulnerability impacting Chrome’s Background Fetch API has prompted an urgent update. Google has released versions 144.0.7559.109 and 144.0.7559.110 to the stable channel to address this flaw.
The update is rolling out across Windows, Mac, and Linux systems over the coming days and weeks, making it essential for users to ensure their browsers are fully updated.
The security fix centers on CVE-2026-1504, a High-severity vulnerability affecting the Background Fetch API implementation.
This vulnerability was identified as an inappropriate implementation that threat actors could potentially exploit.
| CVE ID | Vulnerability | CVSS Score | Component | Reporter | Bounty | Status |
|---|---|---|---|---|---|---|
| CVE-2026-1504 | Inappropriate implementation in Background Fetch API | 7.5 | Background Fetch API | Luan Herrera (@lbherrera_) | $3,000 | Fixed in 144.0.7559.109/.110 |
The issue was discovered and reported by security researcher Luan Herrera on January 9, 2026, and has been awarded a $3,000 bug bounty from Google’s Vulnerability Reward Program.
The Background Fetch API is a web standard that allows web applications to download large files in the background, even when the user has closed the browser tab or navigated away from the website.
This implementation’s vulnerability could enable malicious actors to manipulate background fetch operations. However, specific details of the exploitation remain restricted until the majority of users receive the patch.
This update represents Chrome’s ongoing commitment to security, building on the browser’s multi-layered defense mechanisms.
Google employs advanced detection tools, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL, to identify and prevent security issues from reaching the stable channel.
The Chrome 144.0.7559 update began rolling out immediately. However, it will be distributed gradually over several weeks to ensure system stability and allow for proper monitoring.
Users can manually trigger the update by accessing Chrome settings and checking for updates.
Windows and Mac users should look for version 144.0.7559.109 or .110, while Linux users will see 144.0.7559.109.
Security experts recommend that enterprise and individual users prioritize this update, particularly those who rely on web applications utilizing the Background Fetch API.
Organizations managing large Chrome deployments should monitor the rollout and validate application compatibility during the update window.
A comprehensive list of all changes included in this build is available in the official Chrome commit log.
Users experiencing issues should report them through the bug reporting system or utilize the Chrome community help forum for support.
Google continues to work with security researchers worldwide to strengthen Chrome’s security posture and prevent vulnerabilities from affecting users.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.