Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code
Key Takeaways
- Google has released a critical security update for Chrome, addressing 31 vulnerabilities.
- Five of these flaws are rated “Critical” and could allow arbitrary code execution.
- The update brings Chrome to version 147.0.7727.101/102 for Windows/macOS and 147.0.7727.101 for Linux.
- Users must update immediately to protect against potential system compromise.
Google has rolled out an urgent security patch for its Chrome browser, designed to mitigate 31 distinct vulnerabilities that posed significant risks to user systems. This Stable Channel update, released on April 15, 2026, is crucial for all users, as several critical flaws could enable attackers to execute arbitrary code on targeted devices.
The latest Chrome release, updating the browser to version 147.0.7727.101/102 for Windows and macOS, and 147.0.7727.101 for Linux, addresses an extensive array of security defects. Among the 31 fixes included, five are categorized as “Critical,” representing the most severe risk level for end-users.
Successful exploitation of these high-severity vulnerabilities could empower cybercriminals to install malicious software, manipulate sensitive data, or gain complete control over a compromised system without requiring elevated administrative privileges. Google’s official Chrome release notes indicate that the company has compensated independent security researchers with substantial bug bounties for their discoveries, highlighting the serious nature of the issues now resolved.
Critical Chrome Vulnerabilities Patched
The most pressing issues addressed in this security patch primarily involve various forms of memory mismanagement, including heap buffer overflows and use-after-free vulnerabilities. Such flaws are frequently leveraged by threat actors to achieve arbitrary code execution.
A detailed breakdown of the five critical vulnerabilities patched in this update is as follows:
- CVE-2026-6296: A heap buffer overflow vulnerability discovered in the ANGLE graphics engine. This flaw was reported by researcher “cinzinga” on March 5, 2026, and commanded a significant $90,000 reward.
- CVE-2026-6297: Identified as a use-after-free weakness within the Proxy component. “heapracer” discovered this on March 17, 2026, earning a $10,000 bounty.
- CVE-2026-6298: Another critical heap buffer overflow, this time affecting the Skia 2D graphics library.
- CVE-2026-6299: A use-after-free vulnerability detected in the Prerender function, discovered through internal efforts by Google engineers.
- CVE-2026-6358: A critical use-after-free issue present in the XR (Extended Reality) component, reported by researchers at Seoul National University.
In addition to these critical flaws, the update also resolves numerous “High” severity issues. These include type confusion vulnerabilities within the Turbofan JavaScript engine and out-of-bounds read errors found in the Media component.
Arbitrary code execution represents one of the most dangerous capabilities for cyber attackers. By exploiting memory corruption flaws such as heap buffer overflows or use-after-free bugs, threat actors can bypass browser security sandboxes. Once initial access is established, attackers can silently deploy malware, install ransomware, or create unauthorized user accounts with extensive system privileges. Both individual users and corporate networks face substantial risks if devices remain unpatched.
What You Should Do
To safeguard personal data and corporate networks, users and administrators must apply this update without delay. Follow these steps to ensure your browser is secure:
- Open your Google Chrome browser.
- Click the three-dot menu, typically located in the top-right corner.
- Navigate to “Help” and then select “About Google Chrome”.
- Chrome will automatically check for and download the new update (version 147.0.7727.101 or 147.0.7727.102).
- Once the download is complete, click the “Relaunch” button to apply the patches and restart the browser.
Google has stated that access to specific bug details will remain restricted until a significant portion of the user base has successfully updated their browsers. This responsible disclosure strategy is crucial for preventing threat actors from reverse-engineering the patches to develop working exploits. Stay vigilant and verify your browser version today to defend against these critical vulnerabilities.
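For administrators who need to verify versions across many machines rather than one browser at a time, the check can be scripted. The following is an added example, not code from Google or from the original article: it compares reported Chrome versions against the fixed builds named above. The inventory format, host names and status labels are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Minimum fixed build per platform, as stated in the article.
FIXED_BUILD = {
    "windows": (147, 0, 7727, 101),
    "macos": (147, 0, 7727, 101),
    "linux": (147, 0, 7727, 101),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory: host, platform, reported version string.
SAMPLE_INVENTORY = """\
ws-001,windows,147.0.7727.102
ws-002,windows,147.0.7727.99
mac-010,macos,Google Chrome 146.0.7680.80
lnx-020,linux,Google Chrome 147.0.7727.101
lnx-021,linux,not installed
kiosk-7,android,147.0.7727.101
"""

def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def classify(platform, version_text):
    """Compare numerically: as plain strings, '...99' would sort above '...101'."""
    fixed = FIXED_BUILD.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        # Platform not covered by the article, or no version could be read.
        return "unknown"
    return "patched" if version >= fixed else "needs-update"

def audit(inventory_csv):
    """Map each host in the CSV inventory to its patch status."""
    rows = csv.reader(io.StringIO(inventory_csv))
    return {row[0]: classify(row[1], row[2]) for row in rows if len(row) == 3}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

A host reported as "patched" still needs the browser relaunched, as in the last step above, before the running process uses the fixed build.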