
Released on April 15, 2026, this Stable Channel update requires immediate attention from users worldwide, as the most severe flaws could allow attackers to execute arbitrary code on targeted machines.
The latest Chrome update, bringing the browser to version 147.0.7727.101/102 for Windows and macOS, and 147.0.7727.101 for Linux, tackles a massive batch of security defects.
Of the 31 fixes included in this release, five are rated “Critical,” the highest risk level for end users.
If successfully exploited, these vulnerabilities could enable cybercriminals to run malicious programs, manipulate sensitive data, or take full control of a compromised system without requiring administrative privileges.
According to the official Google Chrome release notes, the company has paid substantial bug bounties to independent security researchers who discovered these flaws, underscoring the severity of the issues it has patched.
Critical Chrome Vulnerabilities Patched
The most pressing issues in this security patch involve memory mismanagement and buffer overflows.
Here is a breakdown of the five critical vulnerabilities patched in this update:
- CVE-2026-6296: Identified as a heap buffer overflow vulnerability in the ANGLE graphics engine. Reported by researcher “cinzinga” on March 5, 2026, this flaw earned a massive $90,000 reward.
- CVE-2026-6297: A use-after-free weakness located in the Proxy component. Discovered by “heapracer” on March 17, 2026, this submission fetched a $10,000 bounty.
- CVE-2026-6298: Another dangerous heap buffer overflow, this time affecting the Skia 2D graphics library.
- CVE-2026-6299: A use-after-free vulnerability in the Prerender function, discovered internally by Google engineers.
- CVE-2026-6358: A critical use-after-free issue in the XR (Extended Reality) component, reported by researchers at Seoul National University.
Alongside these critical flaws, the update also resolves multiple “High” severity issues, including type confusion in Turbofan and out-of-bounds read errors in the Media component.
Arbitrary code execution is one of the most dangerous types of cybersecurity threats.
By exploiting memory corruption flaws like heap buffer overflows or use-after-free bugs, threat actors can bypass browser security sandboxes.
Once they gain initial access, attackers can silently install malware, deploy ransomware, or create rogue user accounts with extensive system privileges. Home users and enterprise networks are equally at risk if devices remain unpatched.
Mitigations
To protect your personal data and corporate networks, users and administrators must apply this update immediately.
Follow these simple steps to ensure your browser is secure:
- Open your Google Chrome browser.
- Click on the three-dot menu located in the top-right corner of the window.
- Scroll down to “Help” and select “About Google Chrome”.
- Chrome will automatically check for new updates and begin downloading version 147.0.7727.101 or 147.0.7727.102.
- Once the download is complete, click the “Relaunch” button to apply the patches.
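For administrators who need to confirm the fix across many machines rather than one browser at a time, the following added example (not from Google or the original article) checks collected version strings against the patched builds named above. The `host,os,version` inventory format and the host names are assumptions made for illustration.

```python
import re

# Fixed builds as stated in the article (lowest patched build per platform).
PATCHED = {"windows": (147, 0, 7727, 101), "macos": (147, 0, 7727, 101),
           "linux": (147, 0, 7727, 101)}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 147.0.7727.101'; return None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(os_name, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one record."""
    minimum = PATCHED.get(os_name.strip().lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"
    # Integer tuples compare numerically per component, so .99 < .101.
    # Comparing the raw strings would wrongly rank .99 above .101.
    return "patched" if version >= minimum else "outdated"


def audit(inventory_lines):
    """Group hosts from 'host,os,version text' lines by patch status."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for line in inventory_lines:
        parts = [p.strip() for p in line.split(",", 2)]
        if len(parts) != 3:
            report["unknown"].append(line.strip())  # malformed record
            continue
        host, os_name, version_text = parts
        report[classify(os_name, version_text)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    "ws-01,windows,Google Chrome 147.0.7727.102",
    "ws-02,windows,Google Chrome 147.0.7727.99",
    "mac-01,macos,Google Chrome 146.9.9999.999",
    "lin-01,linux,Google Chrome 147.0.7727.101 ",
    "lin-02,linux,chrome: command not found",
    "kiosk-07",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need a manual check, since a missing or unparseable version says nothing about whether the patch is installed.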
Google notes that access to specific bug details will remain restricted until a majority of the user base has successfully updated their browsers.
This responsible disclosure practice prevents threat actors from reverse-engineering the patches to create working exploits.
Stay vigilant and verify your browser version today to defend against these critical vulnerabilities.
