Google patched 30 security flaws in Chrome 147, including four critical use-after-free bugs enabling remote code execution through malicious webpages.
Google has released a critical security update for Chrome desktop browser to address 30 security vulnerabilities, including four severe flaws that could enable remote code execution attacks. The Stable channel has been updated to version 147.0.7727.137/138 for Windows and Mac, and 147.0.7727.137 for Linux. The update is being rolled out gradually over the coming days and weeks.
The majority of the severe flaws patched are Use-After-Free memory vulnerabilities, where an application attempts to access memory space that has already been deallocated. This memory mismanagement can lead to browser crashes, data corruption, and arbitrary code execution. If successfully exploited, these vulnerabilities allow attackers to run malicious commands on a victim’s machine simply by convincing the user to visit a specially crafted webpage, requiring no additional user interaction.
Key CVEs addressed include CVE-2026-7363 (critical use-after-free in Canvas, $7,000 bounty), CVE-2026-7361 (critical use-after-free on iOS), CVE-2026-7344 (critical use-after-free in Accessibility), CVE-2026-7343 (critical use-after-free in Views), and CVE-2026-7333 (high-severity GPU flaw, $16,000 bounty).
Users should update Chrome immediately via Help > About Google Chrome and restart the browser. Enterprise administrators should prioritize deploying version 147.0.7727.137/138 across their networks to prevent potential intrusions.
Source: Cyber Security News — Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks
