GBHackers

Critical Chrome Flaws Allow Arbitrary Code Execution


Google has released an urgent security update for its Chrome web browser to address 31 vulnerabilities, including five rated as critical. The stable channel has been updated to version 147.0.7727.101/102 for Windows and Mac, and 147.0.7727.101 for Linux.

This update is currently rolling out globally over the coming days and weeks. Users are strongly advised to update their browsers immediately to protect against potential arbitrary code execution and memory corruption attacks.

The most severe vulnerabilities patched in this update could allow remote attackers to execute arbitrary code by directing users to a maliciously crafted HTML page.

When successfully exploited, attackers could gain unauthorized access, manipulate system data, or cause the browser to crash entirely. The critical flaws affect core Chrome components, including ANGLE, Proxy, Skia, Prerender, and XR.

Memory safety bugs, such as “use after free” and “heap buffer overflow,” heavily dominate this patch cycle, highlighting the continuous challenges in managing browser memory securely.

As part of its ongoing vulnerability reward program, Google paid out substantial bounties to the independent security researchers who responsibly disclosed these flaws.

The highest disclosed reward was $90,000 for a critical heap buffer overflow vulnerability in the ANGLE component (CVE-2026-6296), reported on March 5, 2026.

Another researcher received $10,000 for discovering a use-after-free issue in the Proxy component (CVE-2026-6297). Several other high-severity vulnerability rewards have yet to be determined by the tech giant.

Mitigation and Updates

Google often restricts public access to specific bug details and exploit links until a majority of users have installed the necessary fixes. This delay prevents threat actors from weaponizing the vulnerabilities before systems are patched.

In the meantime, updating your browser should be a top priority for all individuals and organizations.

To ensure your system is protected, navigate to the Chrome menu (the three vertical dots in the top right), select “Help,” and click on “About Google Chrome.”

The browser will automatically check for the latest version, download the update, and prompt you to restart once the installation is complete.
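For administrators who want to confirm the fix across many machines rather than clicking through the menu on each one, the following added example (not from Google or the original article) parses the version string Chrome prints and compares it against the fixed builds named above. It assumes the lower number of the Windows/Mac pair (147.0.7727.101) is the minimum patched build on every platform, and the sample version strings in it are constructed for illustration.

```python
import re
import subprocess

# Fixed builds from the advisory: 147.0.7727.101/102 for Windows and Mac,
# 147.0.7727.101 for Linux. Assumption: the lower number of a pair is the
# earliest build that contains the fixes.
MIN_FIXED = {
    "windows": (147, 0, 7727, 101),
    "mac": (147, 0, 7727, 101),
    "linux": (147, 0, 7727, 101),
}

# Chrome versions are four dot-separated integers, e.g. 147.0.7727.101
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the four-part Chrome version from a string such as
    'Google Chrome 147.0.7727.101' and return it as a tuple of ints,
    so that comparisons are numeric rather than lexical."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version_text, platform):
    """Return True when the reported version is at or above the fixed
    build for the given platform ('windows', 'mac' or 'linux')."""
    return parse_version(version_text) >= MIN_FIXED[platform]


def installed_version_linux(binary="google-chrome"):
    """Ask the installed browser for its version string (Linux/macOS CLI).
    Not called in the demo below so the script stays offline-runnable."""
    result = subprocess.run([binary, "--version"],
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    # Constructed sample outputs of `google-chrome --version`
    samples = [
        ("Google Chrome 147.0.7727.101", "linux"),
        ("Google Chrome 147.0.7727.102", "windows"),
        ("Google Chrome 147.0.7727.100", "linux"),
        ("Google Chrome 146.0.7700.55", "mac"),
    ]
    for text, platform in samples:
        status = "patched" if is_patched(text, platform) else "VULNERABLE"
        print(f"{platform:8} {text:32} {status}")
```

The numeric tuple comparison matters: a plain string comparison would rank "147.0.7727.99" above "147.0.7727.101", so string-based inventory checks can report a vulnerable build as patched.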

The update patches a total of 31 security flaws. Below is a comprehensive table of the disclosed Common Vulnerabilities and Exposures (CVEs) addressed in this release:

CVE ID          Severity   Vulnerability Type                Component
CVE-2026-6296   Critical   Heap buffer overflow              ANGLE
CVE-2026-6297   Critical   Use after free                    Proxy
CVE-2026-6298   Critical   Heap buffer overflow              Skia
CVE-2026-6299   Critical   Use after free                    Prerender
CVE-2026-6358   Critical   Use after free                    XR
CVE-2026-6359   High       Use after free                    Video
CVE-2026-6300   High       Use after free                    CSS
CVE-2026-6301   High       Type confusion                    Turbofan
CVE-2026-6302   High       Use after free                    Video
CVE-2026-6303   High       Use after free                    Codecs
CVE-2026-6304   High       Use after free                    Graphite
CVE-2026-6305   High       Heap buffer overflow              PDFium
CVE-2026-6306   High       Heap buffer overflow              PDFium
CVE-2026-6307   High       Type confusion                    Turbofan
CVE-2026-6308   High       Out of bounds read                Media
CVE-2026-6309   High       Use after free                    Viz
CVE-2026-6360   High       Use after free                    FileSystem
CVE-2026-6310   High       Use after free                    Dawn
CVE-2026-6311   High       Uninitialized use                 Accessibility
CVE-2026-6312   High       Insufficient policy enforcement   Passwords
CVE-2026-6313   High       Insufficient policy enforcement   CORS
CVE-2026-6314   High       Out of bounds write               GPU
CVE-2026-6315   High       Use after free                    Permissions
CVE-2026-6316   High       Use after free                    Forms
CVE-2026-6361   High       Heap buffer overflow              PDFium
CVE-2026-6362   High       Use after free                    Codecs
CVE-2026-6317   High       Use after free                    Cast
CVE-2026-6363   Medium     Type confusion                    V8
CVE-2026-6318   Medium     Use after free                    Codecs
CVE-2026-6319   Medium     Use after free                    Payments
CVE-2026-6364   Medium     Out of bounds read                Skia
