What happened
The Chrome 144 security update introduces patches in Google Chrome 144.0.7559 across Windows, Mac, and Linux, addressing ten vulnerabilities, six of which impact the V8 JavaScript engine. The most severe issue (CVE-2026-0899) involves out-of-bounds memory access that could lead to information disclosure or system compromise. Additional fixes cover improper implementations in Blink, input validation in Downloads, and security UI issues. External researchers contributed to eight of the ten discoveries through Google’s bug bounty program. The release is rolling out progressively to users.Â
Who is affected
Users of Google Chrome across desktop platforms are exposed to potential exploitation of these vulnerabilities until they update to Chrome 144; enterprise environments with managed browsers also face risk prior to patch deployment.Â
Why CISOs should care
Browser vulnerabilities are a common vector for compromise, and high-severity flaws in widely used engines like V8 can lead to remote code execution or data exposure; rapid adoption of patched versions reduces the window for exploitation.Â
3 practical actions
- Update browsers promptly: Deploy Chrome 144 to all end-user systems to mitigate known flaws.
- Verify patch compliance: Audit enterprise browser versions and enforce update policies.
- Monitor CVE feeds: Track vulnerabilities in core browser components to anticipate security impacts.