The stable channel update rolled out on January 13, 2026, for Windows, Mac, and Linux, with versions 144.0.7559.59 (Linux) and 144.0.7559.59/60 (Windows/Mac) now available via the standard update mechanism.
The release prioritizes remedying fundamental flaws in Chrome’s JavaScript engine.
Security researchers identified multiple out-of-bounds memory access and improper implementation issues that could enable arbitrary code execution and sandbox escape, posing a substantial risk in production environments.
Google awarded $8,000 to researcher @p1nky4745 for discovering CVE-2026-0899, a high-severity out-of-bounds memory access vulnerability first reported in November 2025.
The update resolves security issues across a diverse set of components beyond the V8 engine, including the Blink rendering engine, download handling mechanisms, digital credential systems, network policy enforcement, and user interface security implementations.
Four vulnerabilities received “High” severity classifications, four were rated “Medium,” and two as “Low” risk. Security researchers and bug bounty participants received compensation ranging from $500 to $8,000 for their contributions to the vulnerability disclosure process.
| CVE ID | Severity | Component | Description | Reporter | Date | Reward |
|---|---|---|---|---|---|---|
| CVE-2026-0899 | High | V8 | Out of bounds memory access | @p1nky4745 | 2025-11-08 | $8,000 |
| CVE-2026-0900 | High | V8 | Inappropriate implementation | 2025-12-03 | TBD | |
| CVE-2026-0901 | High | Blink | Inappropriate implementation | Irvan Kurniawan (sourc7) | 2021-10-04 | TBD |
| CVE-2026-0902 | Medium | V8 | Inappropriate implementation | 303f06e3 | 2025-12-16 | $4,000 |
| CVE-2026-0903 | Medium | Downloads | Insufficient validation of untrusted input | Azur | 2025-09-13 | $3,000 |
| CVE-2026-0904 | Medium | Digital Credentials | Incorrect security UI | Hafiizh | 2025-10-15 | $1,000 |
| CVE-2026-0905 | Medium | Network | Insufficient policy enforcement | 2025-12-02 | TBD | |
| CVE-2026-0906 | Low | UI | Incorrect security UI | Khalil Zhani | 2025-12-10 | $2,000 |
| CVE-2026-0907 | Low | Split View | Incorrect security UI | Hafiizh | 2025-09-12 | $500 |
| CVE-2026-0908 | Low | ANGLE | Use after free | Glitchers BoB 14th. | 2025-10-15 | TBD |
Google acknowledged the critical role played by the security research community, noting that many vulnerabilities are detected through automated tooling, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity mechanisms, libFuzzer, and AFL (American Fuzzy Lop).
This integrated approach to vulnerability detection demonstrates Google’s continued investment in automated security analysis capabilities.
Users should update through Chrome’s built-in update mechanism or manually download the latest version from the official Chrome website.
Google will deploy the update gradually across its user base over the coming days and weeks to ensure a stable rollout and minimize disruption to enterprise environments.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Chrome 144 Released with Fixes for 10 Vulnerabilities in the V8 Engine appeared first on Cyber Security News.
Anthropic has revealed the staggering initial results of Project Glasswing, a collaborative cybersecurity initiative designed…
In case you missed it and have been living under a rock, Shrek is back.…
Hackers are using telecom networks and hosting providers across the Middle East as a foundation…
A large-scale phishing campaign targeting the 2026 FIFA World Cup has grown far beyond what…
Russian state-sponsored threat groups significantly stepped up their cyber operations in 2025, using a range…
A widely-used JavaScript templating library called art-template has been weaponized to deliver a sophisticated iOS…
This website uses cookies.