A new Stable-channel release of Chrome version 144 addresses a high-severity vulnerability in the V8 JavaScript engine.
The update, version 144.0.7559.96/.97 for Windows and Mac and 144.0.7559.96 for Linux, began rolling out on January 21, 2026, and will reach all users over the coming days and weeks.
The security patch resolves CVE-2026-1220, a race condition in V8 reported by a security researcher on January 7, 2026.
| CVE ID | Severity | Component | Description |
|---|---|---|---|
| CVE-2026-1220 | High | V8 | Race condition |
Critical V8 Vulnerability
The flaw could be exploited through specially crafted web content, potentially resulting in memory corruption, browser instability, or arbitrary code execution. Due to the browser’s widespread use, successful exploitation could affect millions of users globally
Race conditions occur when multiple processes access shared resources simultaneously, potentially allowing attackers to execute malicious code, crash the browser, or access sensitive information.
V8 is Chrome’s core JavaScript engine, making this vulnerability particularly concerning as it affects nearly all web-based functionality. Google has classified this as a high-severity issue, indicating significant risk to users.
The company typically restricts access to detailed bug information until most users receive the update, preventing threat actors from exploiting the vulnerability before patches are widely deployed.
The Chrome 144 update follows Google’s standard release cycle, with deployment gradually rolling out across platforms and regions.
Users can verify their current version by navigating to Settings > About Chrome, which automatically checks for updates and prompts installation if needed.
Chrome’s security team emphasizes that many vulnerabilities are detected using advanced automated tools, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.
These tools help identify memory corruption issues, undefined behavior, and other security flaws before they reach the stable channel.
Enterprise administrators managing Chrome deployments across organizations should prioritize this update given its high severity.
The full changelog is available through the official Chromium source repository, providing technical details about all changes in this build.
Google acknowledged the security research community’s contributions, thanking researchers who work with the Chrome team during development cycles to prevent security bugs from reaching end users.
Users are strongly encouraged to update their browsers immediately. Chrome typically updates automatically in the background, but manual verification ensures protection against this V8 race condition.
The Chrome security page provides additional information about the browser’s security architecture and ongoing initiatives to protect users from emerging threats.
Google maintains its commitment to transparency while balancing responsible disclosure practices that protect users during the update rollout period.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
