Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
India Halts WhatsApp Usernames Rollout Due to Fraud Concerns
July 1, 2026
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Home/CyberSecurity News/Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code
CyberSecurity News

Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code

Key Takeaways Google has released a critical security update for Chrome, addressing 31 vulnerabilities. Five of these flaws are rated “Critical” and could allow arbitrary code execution....

David kimber
David kimber
April 16, 2026 3 Min Read
46 0

Key Takeaways

  • Google has released a critical security update for Chrome, addressing 31 vulnerabilities.
  • Five of these flaws are rated “Critical” and could allow arbitrary code execution.
  • The update brings Chrome to version 147.0.7727.101/102 for Windows/macOS and 147.0.7727.101 for Linux.
  • Users must update immediately to protect against potential system compromise.

Google has rolled out an urgent security patch for its Chrome browser, designed to mitigate 31 distinct vulnerabilities that posed significant risks to user systems. This Stable Channel update, released on April 15, 2026, is crucial for all users, as several critical flaws could enable attackers to execute arbitrary code on targeted devices.

Table Of Content

  • Key Takeaways
  • Critical Chrome Vulnerabilities Patched
  • What You Should Do

The latest Chrome release, updating the browser to version 147.0.7727.101/102 for Windows and macOS, and 147.0.7727.101 for Linux, addresses an extensive array of security defects. Among the 31 fixes included, five are categorized as “Critical,” representing the most severe risk level for end-users.

Successful exploitation of these high-severity vulnerabilities could empower cybercriminals to install malicious software, manipulate sensitive data, or gain complete control over a compromised system without requiring elevated administrative privileges. Google’s official Chrome release notes indicate that the company has compensated independent security researchers with substantial bug bounties for their discoveries, highlighting the serious nature of the issues now resolved.

Critical Chrome Vulnerabilities Patched

The most pressing issues addressed in this security patch primarily involve various forms of memory mismanagement, including heap buffer overflows and use-after-free vulnerabilities. Such flaws are frequently leveraged by threat actors to achieve arbitrary code execution.

A detailed breakdown of the five critical vulnerabilities patched in this update is as follows:

  • CVE-2026-6296: A heap buffer overflow vulnerability discovered in the ANGLE graphics engine. This flaw was reported by researcher “cinzinga” on March 5, 2026, and commanded a significant $90,000 reward.
  • CVE-2026-6297: Identified as a use-after-free weakness within the Proxy component. “heapracer” discovered this on March 17, 2026, earning a $10,000 bounty.
  • CVE-2026-6298: Another critical heap buffer overflow, this time affecting the Skia 2D graphics library.
  • CVE-2026-6299: A use-after-free vulnerability detected in the Prerender function, discovered through internal efforts by Google engineers.
  • CVE-2026-6358: A critical use-after-free issue present in the XR (Extended Reality) component, reported by researchers at Seoul National University.

In addition to these critical flaws, the update also resolves numerous “High” severity issues. These include type confusion vulnerabilities within the Turbofan JavaScript engine and out-of-bounds read errors found in the Media component.

Arbitrary code execution represents one of the most dangerous capabilities for cyber attackers. By exploiting memory corruption flaws such as heap buffer overflows or use-after-free bugs, threat actors can bypass browser security sandboxes. Once initial access is established, attackers can silently deploy malware, install ransomware, or create unauthorized user accounts with extensive system privileges. Both individual users and corporate networks face substantial risks if devices remain unpatched.

What You Should Do

To safeguard personal data and corporate networks, users and administrators must apply this update without delay. Follow these steps to ensure your browser is secure:

  • Open your Google Chrome browser.
  • Click the three-dot menu, typically located in the top-right corner.
  • Navigate to “Help” and then select “About Google Chrome”.
  • Chrome will automatically check for and download the new update (version 147.0.7727.101 or 147.0.7727.102).
  • Once the download is complete, click the “Relaunch” button to apply the patches and restart the browser.

Google has stated that access to specific bug details will remain restricted until a significant portion of the user base has successfully updated their browsers. This responsible disclosure strategy is crucial for preventing threat actors from reverse-engineering the patches to develop working exploits. Stay vigilant and verify your browser version today to defend against these critical vulnerabilities.</

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVECybersecurityExploitMalwarePatchransomwareSecurityThreatVulnerability

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Critical Splunk RCE Vulnerability CVE-2023-46214 Patched

Next Post

Cisco Patches Critical Zero-Day Vulnerability in Firepower Management Center

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us