Chrome 144 Arrives with 10 Urgent Security Patches

Google Chrome has ascended to version 144 within the stable channel, marking an update where the imperative for installation rests as much upon robust security as it does upon novel features. The Google engineering team has commenced the deployment of this release across Windows, macOS, and Linux platforms, ensuring a progressive rollout to the global user base in the coming days.

The stable channel now hosts builds 144.0.7559.59 for Linux and 144.0.7559.59/60 for Windows and Mac. As is customary, the update integrates a suite of refinements and systemic enhancements, the exhaustive details of which are preserved in the official change log. Google has further intimated that comprehensive explorations of the significant architectural shifts and capabilities inherent in version 144 will be disclosed in forthcoming Chrome and Chromium dev-blog entries.

The quintessential element of this release is its defensive fortification. Chrome 144 remediates ten distinct vulnerabilities. Google has conspicuously maintained its policy of strategic reticence, temporarily withholding granular details of certain bugs until a majority of the user base is shielded. This obfuscation is a deliberate maneuver to thwart adversaries seeking to weaponize these exploits before mass patching is achieved, particularly when the flaw resides in a shared third-party library.

Prominent among the critical remediations are issues identified within the V8 and Blink engines. Specifically, CVE-2026-0899—an out-of-bounds memory access vulnerability in the V8 JavaScript engine—was neutralized, with the discovering researcher garnering an $8,000 bounty. Two additional vulnerabilities, CVE-2026-0900 and CVE-2026-0901, were also addressed; the former pertains to V8, while the latter affects Blink and appears to have remained latent since its initial discovery in October 2021.

Medium-severity vulnerabilities predominantly involve the intricate processing of code and data. CVE-2026-0902, characterized as an inappropriate implementation within V8, earned its discoverer a $4,000 reward. CVE-2026-0903 concerns insufficient validation of untrusted input within the download mechanism, resulting in a $3,000 bounty for the researcher known as Azur. Furthermore, CVE-2026-0904 addresses a flaw in the display of security UI elements within the Digital Credentials feature, while CVE-2026-0905 remedies inadequate policy enforcement in the networking component.

Several low-rated vulnerabilities were also expunged, primarily those concerning the security interface that could potentially mislead users, alongside a “use-after-free” defect in ANGLE (CVE-2026-0908). Google extended its profound gratitude to the external researchers whose vigilance prevented these flaws from reaching the stable production environment. The corporation also reminded the community that a significant portion of these defects is identified via sophisticated automated instrumentation, including AddressSanitizer, MemorySanitizer, and various advanced fuzzing tools like AFL.

For those with autonomous updates enabled, Chrome will transition to the new version seamlessly. However, for users who favor manual intervention, an immediate verification of updates is strongly advocated, given that these patches fortify the browser’s most critical structural components.