Google has officially released Chrome 144 to the stable channel for Windows, Mac, and Linux, addressing 10 security vulnerabilities with a primary focus on the V8 JavaScript engine.
The rollout is scheduled to reach users progressively over the coming days and weeks.
Critical Security Patches for V8 Engine
Chrome version 144.0.7559.59 for Linux and 144.0.7559.59/60 for Windows and Mac brings multiple security improvements, with six of the ten fixed vulnerabilities directly affecting the V8 JavaScript engine.
The most severe issue, CVE-2026-0899, involves an out-of-bounds memory access vulnerability in the V8 engine.
This high-severity flaw could allow attackers to access memory outside allocated boundaries, leading to information disclosure or system compromise.
| CVE ID | Severity | Component | Vulnerability Type |
|---|---|---|---|
| CVE-2026-0899 | High | V8 | Out of bounds memory access |
| CVE-2026-0900 | High | V8 | Inappropriate implementation |
| CVE-2026-0901 | High | Blink | Inappropriate implementation |
| CVE-2026-0902 | Medium | V8 | Inappropriate implementation |
| CVE-2026-0903 | Medium | Downloads | Insufficient validation |
| CVE-2026-0904 | Medium | Digital Credentials | Incorrect security UI |
| CVE-2026-0905 | Medium | Network | Insufficient policy enforcement |
| CVE-2026-0906 | Low | Security UI | Incorrect security UI |
| CVE-2026-0907 | Low | Split View | Incorrect security UI |
| CVE-2026-0908 | Low | ANGLE | Use after free |
Additional V8-related fixes include CVE-2026-0900 and CVE-2026-0902, both of which address improper implementations thatĀ could be exploited by malicious actors.
Beyond V8 engine fixes, Chrome 144 addresses vulnerabilities across multiple browser components.
CVE-2026-0901 resolves an inappropriate implementation in Blink, the rendering engine responsible for displaying web content.
The update also addresses security issues in the Digital Credentials and Split View features, with researcher Hafiizh receiving rewards totaling $1,500 for identifying these flaws.
A medium-severity vulnerability in Downloads (CVE-2026-0903) affecting input validation was fixed, along with network policy enforcement issues.
Google credited external security researchers with discovering eight of the ten vulnerabilities and paid out over $18,500 in bug bounty rewards.
Users should update their Chrome browsers immediately to benefit from these security enhancements.
The browser typically updates automatically, but users can manually check for updates by navigating to Settings > About Chrome.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
