Google has released an urgent security update for its Chrome browser, addressing multiple high-risk vulnerabilities that could allow attackers to execute arbitrary code and take full control of affected systems. The update, Chrome 147, was rolled out globally on April 7, 2026, and is available for Windows, macOS, and Linux users.
At the heart of this update are two c in Chrome’s WebML component, identified as CVE-2026-5858 and CVE-2026-5859. These flaws involve memory corruption issues—specifically heap buffer overflow and integer overflow—that can be exploited to achieve remote code execution. In practical terms, this means an attacker could run malicious code on a victim’s system simply by luring them to a specially crafted webpage.
What makes these vulnerabilities particularly dangerous is how little user interaction is required. In many cases, visiting a malicious website is enough to trigger the exploit. This significantly increases the risk, especially in phishing campaigns where users may unknowingly click on harmful links.
Beyond these critical issues, Chrome 147 also patches numerous high-severity vulnerabilities across key browser components, including V8, WebRTC, Blink, Media, Skia, and ANGLE. These flaws range from use-after-free errors and type confusion bugs to out-of-bounds memory access issues. If exploited, they could lead to browser crashes, sensitive data exposure, or complete system compromise.
To reduce the risk of immediate exploitation, Google has limited the release of detailed technical information about these vulnerabilities. This approach gives users and organizations time to apply patches before attackers can develop reliable exploits, while also protecting other software projects that rely on shared components.
Security researchers were awarded $43,000 in bug bounties for responsibly disclosing these vulnerabilities, underscoring their severity and the importance of coordinated vulnerability reporting.
Given the active threat landscape, timely patching is critical. Users are strongly advised to update their browsers to the latest version—147.0.7727.55 for Linux and 147.0.7727.55/56 for Windows and macOS. Updating can be done easily through Chrome’s settings by navigating to the “About” section, where the browser will automatically download and install the latest version.
This update serves as a reminder that modern browsers remain a primary attack surface for cybercriminals. Keeping software up to date is one of the simplest yet most effective ways to defend against evolving threats.
Recommended Cyber Technology News :
- CrowdStrike Gains Rating Boost on AI Cyber Defense Deal
- Cyber Defense Group Telarus Partnership Boosts Cybersecurity
- Rubrik Strengthens Cyber Resilience for Google Workspace
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
