In order to fix a high-severity security vulnerability impacting the Background Fetch API, Google has formally released a stable channel update for the Chrome browser This article explores impacting background fetch. . With this update, the browser version is now 144.0.7559.109/.110 for Windows and macOS users and 144.0.7559.109 for Linux users.

The release is presently being made available to users worldwide. One particular security fix that was provided by an outside researcher is included. Analysis of Background Fetch API Flaws CVE-2026-1504, a high-severity vulnerability characterized as a "Inappropriate implementation in Background Fetch API," is the main focus of this update. A crucial part of contemporary web applications is the Background Fetch API, which enables programmers to manage massive downloads and uploads (like movies or audio files) in the background.

CVE-2026-1504 High Inappropriate Implementation in Background CVE ID Severity Description Reward Get $3,000 from the API It guarantees that these procedures carry on even in the event that the user shuts down the browser or the program generates a service worker to oversee the transfer. The vulnerability shows a weakness in Chrome's implementation of this API's security boundaries or logic. Although Google hasn't made the exact exploit chain public to stop threat actors from abusing it, "inappropriate implementation" typically implies that security checks could be circumvented by manipulating the API, which could permit unauthorized data handling or state confusion during background transfers.

On January 9, 2026, a security researcher reported this problem. Google offered a $3,000 reward for the discovery after the disclosure and patch verification.

Google is limiting access to the complete bug details and links until the majority of users have applied the fix, in compliance with standard security procedures. In order to stop hackers from reverse-engineering the patch and creating exploits before businesses and individuals have time to secure their browsers, this delay is crucial. If the bug is present in a third-party library that other projects rely on, the restriction also holds true.

In order to stop many vulnerabilities from making it to the stable channel, Google's internal security teams also employ tools like AddressSanitizer, MemorySanitizer, and LibFuzzer to find bugs throughout the development cycle. Nevertheless, CVE-2026-1504 was discovered externally. It is recommended that users go to Help > About Google Chrome in their browser menu to manually check for the update.

In order to install version 144.0.7559.109/110, the browser will check for the update and request a restart.