Critical Chrome Flaws Allow Arbitrary Code Execution –

Google has issued a critical security update for its Chrome browser, addressing 31 vulnerabilities that could leave systems exposed to severe cyber threats.

Released on April 15, 2026, this Stable Channel update requires immediate attention from users worldwide, as the most severe flaws could allow attackers to execute arbitrary code on targeted machines.

The latest Chrome update, bringing the browser to version 147.0.7727.101/102 for Windows and macOS, and 147.0.7727.101 for Linux, tackles a massive batch of security defects.

Of the 31 fixes included in this release, five are rated “Critical,” the highest risk level for end users.

If successfully exploited, these vulnerabilities could enable cybercriminals to run malicious programs, manipulate sensitive data, or take full control of a compromised system without requiring administrative privileges.

According to the official Google Chrome release notes, the company has paid substantial bug bounties to independent security researchers who discovered these flaws, underscoring the severity of the issues it has patched.

Critical Chrome Vulnerabilities Patched

The most pressing issues in this security patch involve memory mismanagement and buffer overflows.

Here is a breakdown of the five critical vulnerabilities patched in this update:

• CVE-2026-6296: Identified as a heap buffer overflow vulnerability in the ANGLE graphics engine. Reported by researcher “cinzinga” on March 5, 2026, this flaw earned a massive $90,000 reward.
• CVE-2026-6297: A use-after-free weakness located in the Proxy component. Discovered by “heapracer” on March 17, 2026, this submission fetched a $10,000 bounty.
• CVE-2026-6298: Another dangerous heap buffer overflow, this time affecting the Skia 2D graphics library.
• CVE-2026-6299: A use-after-free vulnerability was found in the Prerender function, discovered internally by Google engineers.
• CVE-2026-6358: A critical use-after-free issue in the XR (Extended Reality) component, reported by researchers at Seoul National University.

Alongside these critical flaws, the update also resolves multiple “High” severity issues, including type confusion in Turbofan and out-of-bounds read errors in the Media component.

Arbitrary code execution is one of the most dangerous types of cybersecurity threats.

By exploiting memory corruption flaws like heap buffer overflows or use-after-free bugs, threat actors can bypass browser security sandboxes.

Once they gain initial access, attackers can silently install malware, deploy ransomware, or create rogue user accounts with extensive system privileges. Home users and enterprise networks are equally at risk if devices remain unpatched.

Mitigations

To protect your personal data and corporate networks, users and administrators must apply this update immediately.

Follow these simple steps to ensure your browser is secure:

• Open your Google Chrome browser.
• Click on the three-dot menu located in the top-right corner of the window.
• Scroll down to “Help” and select “About Google Chrome”.
• Chrome will automatically check for new updates and begin downloading version 147.0.7727.101 or 147.0.7727.102.
• Once the download is complete, click the “Relaunch” button to apply the patches.

Google notes that access to specific bug details will remain restricted until a majority of the user base has successfully updated their browsers.

This responsible disclosure practice prevents threat actors from reverse-engineering the patches to create working exploits.

Stay vigilant and verify your browser version today to defend against these critical vulnerabilities.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.