Critical Chrome Vulnerabilities Let Attackers Execute Remote Code
Key Takeaways
- Google has released an urgent security update for its Chrome desktop browser, patching 30 vulnerabilities.
- Four of these flaws are critical, enabling remote code execution (RCE) attacks.
- The update brings the Stable channel to version 147.0.7727.137/138 for Windows and Mac, and 147.0.7727.137 for Linux.
- Users are strongly advised to update immediately to prevent potential exploitation.
Critical Chrome Vulnerabilities Addressed in Urgent Update
Google has issued a vital security update for its Chrome desktop browser, addressing a total of 30 security vulnerabilities. Among these, four are classified as critical, posing a significant risk of Remote Code Execution (RCE).
The Stable channel has been updated to version 147.0.7727.137/138 for Windows and Mac users, while Linux installations will receive version 147.0.7727.137. Google is rolling out this essential update progressively over the coming days and weeks to ensure a smooth and stable deployment across its vast user base.
Understanding the “Use-After-Free” Vulnerabilities
A majority of the severe flaws resolved in this release are “Use-After-Free” memory vulnerabilities. This type of bug arises when an application attempts to access a memory location that has already been deallocated or freed. Such memory mismanagement can lead to unpredictable browser crashes, severe data corruption, and, most critically, arbitrary code execution.
Successful exploitation of these vulnerabilities could allow remote attackers to execute malicious commands on a victim’s machine. This can occur simply by convincing a user to visit a specially crafted malicious webpage. Crucially, these attacks often require no additional user interaction and could potentially bypass Chrome’s built-in sandbox protections, leading to a compromise of the underlying operating system.
Temporary Disclosure Restrictions and Bug Bounties
In line with industry best practices, Google is temporarily restricting public access to specific bug details and exploit links. This measure is implemented until a significant portion of the user base has successfully applied the security patch, thereby preventing threat actors from reverse-engineering the fixes to launch attacks against unpatched systems.
Google has acknowledged the contributions of security researchers by awarding bug bounties. Notable payouts include $16,000 for a high-severity GPU flaw and $7,000 for a critical Canvas issue.
Below is a summary of some of the most critical and highly rewarded vulnerabilities addressed in this Chrome release, as detailed in the official Chrome Releases blog:
- CVE-2026-7363: A critical use-after-free vulnerability discovered in the Canvas component, reported by heapracer, earning a $7,000 bounty.
- CVE-2026-7361: A critical use-after-free vulnerability impacting iOS, identified by Google, with the bounty amount yet to be determined.
- CVE-2026-7344: A critical use-after-free vulnerability found in the Accessibility component, reported by Google, with a pending bounty.
- CVE-2026-7343: A critical use-after-free vulnerability located in the Views component, reported by Google, with a pending bounty.
- CVE-2026-7333: A high-severity use-after-free vulnerability within the GPU component, reported by c6eed09fc8b174b0f3eebedcceb1e792, awarded a $16,000 bounty.
What You Should Do
- Update Immediately: Individuals and network administrators are strongly urged to update their Google Chrome browsers without delay.
- Check for Updates: Navigate to Help → About Google Chrome within your browser to initiate the update process.
- Restart Browser: A quick browser restart is essential to fully apply the latest protections and mitigate risks.
- Enterprise Deployment: Administrators managing enterprise environments should prioritize the rapid deployment of Chrome version 147.0.7727.137/138 across their networks to safeguard against potential intrusions.
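For the enterprise deployment and restart steps above, an added example (not from the article or from Google) that audits a fleet inventory against the fixed build 147.0.7727.137 and separates hosts that are unpatched from hosts that are patched on disk but still running an older process. The CSV columns, host names and status labels are constructed assumptions, not the export format of any real tool.

```python
import csv
import io

# Lowest fixed Stable build named in the article (Windows/Mac may also report .138).
FIXED_BUILD = (147, 0, 7727, 137)

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """host,os,installed_version,running_version
ws-001,windows,147.0.7727.138,147.0.7727.138
ws-002,windows,147.0.7727.137,147.0.7727.101
mac-010,mac,147.0.7727.99,147.0.7727.99
lin-020,linux,147.0.7727.137,
lin-021,linux,146.0.7700.200,146.0.7700.200
ws-003,windows,unknown,
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    # Compare as integers: as strings, "147.0.7727.99" sorts after "147.0.7727.137".
    return tuple(int(p) for p in parts)


def classify(installed, running):
    """Return 'vulnerable', 'restart_pending', 'patched' or 'unknown' for one host."""
    inst = parse_version(installed or "")
    if inst is None:
        return "unknown"
    if inst < FIXED_BUILD:
        return "vulnerable"
    run = parse_version(running or "")  # empty means no running process was reported
    # Fixed binary is on disk, but an older process is still rendering pages.
    if run is not None and run < FIXED_BUILD:
        return "restart_pending"
    return "patched"


def audit(inventory_csv):
    """Map each host name in the CSV text to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["installed_version"], r["running_version"]) for r in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as `restart_pending` need a browser relaunch, not another package push.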