Chrome versions 144.0.7559.109 and 144.0.7559.110 have been released to the stable channel, addressing a critical security vulnerability in the Background Fetch API.
The update is rolling out across Windows, Mac, and Linux systems over the coming days and weeks, making it essential for users to ensure their browsers are fully updated.
The security fix centers on CVE-2026-1504, a High-severity vulnerability affecting the Background Fetch API implementation.
This vulnerability was identified as an inappropriate implementation that threat actors could potentially exploit.
| CVE ID | Vulnerability | CVSS Score | Component | Reporter | Bounty | Status |
|---|---|---|---|---|---|---|
| CVE-2026-1504 | Inappropriate implementation in Background Fetch API | 7.5 | Background Fetch API | Luan Herrera (@lbherrera_) | $3,000 | Fixed in 144.0.7559.109/.110 |
The issue was discovered and reported by security researcher Luan Herrera on January 9, 2026, and has been awarded a $3,000 bug bounty from Google’s Vulnerability Reward Program.
The Background Fetch API is a web standard that allows web applications to download large files in the background, even when the user has closed the browser tab or navigated away from the website.
This implementation’s vulnerability could enable malicious actors to manipulate background fetch operations. However, specific details of the exploitation remain restricted until the majority of users receive the patch.
This update represents Chrome’s ongoing commitment to security, building on the browser’s multi-layered defense mechanisms.
Google employs advanced detection tools, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL, to identify and prevent security issues from reaching the stable channel.
The Chrome 144.0.7559 update began rolling out immediately. However, it will be distributed gradually over several weeks to ensure system stability and allow for proper monitoring.
Users can manually trigger the update by accessing Chrome settings and checking for updates.
Windows and Mac users should look for version 144.0.7559.109 or .110, while Linux users will see 144.0.7559.109.
Security experts recommend that enterprise and individual users prioritize this update, particularly those who rely on web applications utilizing the Background Fetch API.
Organizations managing large Chrome deployments should monitor the rollout and validate application compatibility during the update window.
A comprehensive list of all changes included in this build is available in the official Chrome commit log.
Users experiencing issues should report them through the bug reporting system or utilize the Chrome community help forum for support.
Google continues to work with security researchers worldwide to strengthen Chrome’s security posture and prevent vulnerabilities from affecting users.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
