Google has launched Chrome 144 for desktop platforms, addressing ten security vulnerabilities including multiple high-severity flaws in the V8 JavaScript engine.
The stable channel update began rolling out on January 13, 2026, for Windows, Mac, and Linux systems.
Chrome 144.0.7559.59 (Linux) and 144.0.7559.59/60 (Windows/Mac) deliver security improvements alongside performance enhancements.
The update follows Google’s standard release cycle, with deployment occurring gradually over the coming days and weeks to ensure stable distribution across the user base.
Critical V8 Engine Patches
The release targets fundamental vulnerabilities in Chrome’s JavaScript processing capabilities.
Security researchers identified multiple out-of-bounds memory access and inappropriate implementation issues in the V8 engine that could enable arbitrary code execution or sandbox escapes.
Google awarded $8,000 to @p1nky4745 for discovering CVE-2026-0899, a high-severity out-of-bounds memory access flaw reported in November 2025.
The update resolves vulnerabilities across multiple components including Blink rendering engine, download handling, digital credentials, network policies, and UI security implementations.
Four vulnerabilities received “High” severity ratings, four were classified as “Medium,” and two as “Low” risk. External researchers received bug bounty rewards ranging from $500 to $8,000 for their contributions.
| CVE ID | Severity | Component | Description | Reporter | Date | Reward |
|---|---|---|---|---|---|---|
| CVE-2026-0899 | High | V8 | Out of bounds memory access | @p1nky4745 | 2025-11-08 | $8,000 |
| CVE-2026-0900 | High | V8 | Inappropriate implementation | 2025-12-03 | TBD | |
| CVE-2026-0901 | High | Blink | Inappropriate implementation | Irvan Kurniawan (sourc7) | 2021-10-04 | TBD |
| CVE-2026-0902 | Medium | V8 | Inappropriate implementation | 303f06e3 | 2025-12-16 | $4,000 |
| CVE-2026-0903 | Medium | Downloads | Insufficient validation of untrusted input | Azur | 2025-09-13 | $3,000 |
| CVE-2026-0904 | Medium | Digital Credentials | Incorrect security UI | Hafiizh | 2025-10-15 | $1,000 |
| CVE-2026-0905 | Medium | Network | Insufficient policy enforcement | 2025-12-02 | TBD | |
| CVE-2026-0906 | Low | UI | Incorrect security UI | Khalil Zhani | 2025-12-10 | $2,000 |
| CVE-2026-0907 | Low | Split View | Incorrect security UI | Hafiizh | 2025-09-12 | $500 |
| CVE-2026-0908 | Low | ANGLE | Use after free | Glitchers BoB 14th. | 2025-10-15 | TBD |
Google acknowledged the security research community’s contributions and noted that many vulnerabilities are detected using automated tools including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.
Users can update through Chrome’s built-in update mechanism or download the latest version from the official Chrome website.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
