Chrome's Random Code Vulnerabilities In order to fix two high-severity vulnerabilities that could expose users to arbitrary code execution (ACE) and denial-of-service (DoS) attacks, Google has released a critical security update for the Chrome Stable channel This article explores security update chrome. . The browser version is pushed to 144.0.7559.132/.133 for Linux and 144.0.7559.132/.133 for Windows and macOS.

The rollout will take place over the next few days and weeks, the tech behemoth confirmed. These patches specifically address memory corruption problems in the video processing libraries and JavaScript engine of the browser. Learn more Solutions for data security Apps for secure messaging Training in security awareness Safe web hosting Security plugin for WordPress Modules for hardware security Cybersecurity Cyber Security of computers Reports of security vulnerabilities Two particular security flaws, both rated as "High" severity, are fixed by the update.

In order to successfully exploit these vulnerabilities, a user usually needs to visit a specially designed website that can activate the exploit within the renderer process of the browser. CVE-2026-1862: V8 Type Confusion V8, Google's open-source, high-performance JavaScript and WebAssembly engine, has the biggest defect. When an incompatible type—such as treating an integer as a pointer—is used to fool the engine into accessing a memory resource, type confusion vulnerabilities arise.

V8 type confusion bugs are often used by attackers to manipulate memory pointers. They can read or write memory out of bounds thanks to this manipulation, which could result in arbitrary code execution inside the sandboxed environment. Researcher Chaoyuan Peng (@ret2happy) reported this vulnerability.

CVE-2026-1861: libvpx Heap Buffer Overflow The reference software library for the VP8 and VP9 video coding formats, libvpx, is the source of the second vulnerability. When a process tries to write more data to a fixed-length memory buffer than it can accommodate, a heap buffer overflow happens. A malformed video stream could be embedded on a webpage by an attacker in this situation.

The overflow could contaminate nearby memory on the heap when Chrome tries to process this video using libvpx. This typically causes a denial-of-service attack (DoS), but it can also be combined with other exploits to execute code.

CVE-2026-1862 High Type Confusion Reported CVE ID Severity Description Component Chaoyuan Peng V8 Engine CVE-2026-1861 Google Internal Mitigations for High Heap Buffer Overflow libvpx Google has kept bug details under wraps until the majority of users have updated, so it has not revealed whether these exploits are currently being used in the wild (zero-day status). However, there is still a significant risk of weaponization due to the nature of V8 and heap overflow vulnerabilities. It is recommended that users and enterprise administrators update right away.

To confirm the installation: Go to Menu > Help > About Google Chrome after launching Chrome. To apply version 144.0.7559.132 or later, make sure the browser restarts and checks for updates. For daily cybersecurity updates, use X, LinkedIn, and X. To have your stories featured, get in touch with us.