Google Patches 10 Chrome Vulnerabilities (Including Critical V8 Flaws)

Google’s new Chrome update patches 10 holes—including three high-severity V8 bugs that could crash your system or let attackers run code.

Introduction

Google just pushed a critical security update for Chrome, and it's important. It addresses 10 vulnerabilities, including three high-severity flaws that could let attackers run malicious code on your machine or crash it entirely.

The update brings Chrome to version 144.0.7559.59/60 and mostly targets the V8 JavaScript engine, the part of the browser that handles web code. Security researchers are warning that these aren’t just theoretical bugs; typically, all an attacker needs is for you to visit a specially crafted website.

While Google says nobody is actively using these exploits in the wild yet, they are urging everyone to update now before the technical details get out and hackers start reverse-engineering them.


What Happened?

On January 13, 2026, Google rolled out Chrome version 144.0.7559.59/60 for Windows and macOS, and 144.0.7559.59 for Linux.

The patch fixes 10 issues found by external researchers. Three are high-severity, which means ignoring them is a bad idea. The nasty ones are in V8 (Chrome’s engine for running web code):

  • CVE-2026-0899: An out-of-bounds memory access bug found by researcher @p1nky4745. Google paid out an $8,000 bounty for this one.
  • CVE-2025-10891 & CVE-2025-10892: Two integer overflow bugs found internally by Google’s Big Sleep research team.

Google is also patching issues in the Blink rendering engine, download handling, and digital credentials. They are keeping the deep technical details quiet for now. That’s standard procedure—it stops hackers from building exploits before most people have had a chance to update.

This follows a busy year for the Chrome security team, which had to patch at least eight zero-day vulnerabilities that were being actively exploited against users.

Why It Matters

Here is the reality: these bugs are dangerous.

The memory access flaw (CVE-2026-0899) could let attackers peek at sensitive data in your browser memory—think passwords, authentication tokens, or personal info—that should be off-limits.

The other two bugs (the integer overflows) are even messier. They can crash your browser tabs (annoying) or, in the worst case, let a skilled attacker run their own code on your computer with the same rights as your browser.

And they don’t need your password to do it. They just need you to visit a malicious website. That could be a link in a phishing email, a sketchy ad on a site you usually trust, or a social engineering trap. If you click, the exploit triggers. No extra clicks required.

Since Chrome has about 3 billion users, the target list is massive. Plus, this affects Android apps that use WebView to display web pages, so the risk bleeds into the mobile world too.

How to Fix It

Update Chrome Now

Chrome usually updates itself, but don’t assume it has happened yet.

  1. Go to Settings > Help > About Google Chrome.
  2. If there is an update waiting, it will start downloading.
  3. You have to restart the browser to finish the job.

For reference, the secure versions are:

  • Desktop: 144.0.7559.59/60
  • Android: 144.0.7559.59
  • iOS: 144.0.7559.85

Check Your Other Browsers

If you use Edge, Brave, Vivaldi, or Opera, you’re likely vulnerable too since they run on the same engine. Keep an eye out for their updates—they usually drop a few days after Google’s.

Turn on Enhanced Protection

If you want an extra layer of safety, go to Settings > Privacy and Security > Security, then turn on “Enhanced Protection.” It checks for dangerous sites and downloads in real time.

For IT Managers

If you manage a fleet of computers, push this update via your standard policies. Double-check your extension allowlists while you are at it to keep things tight. The window between “patch released” and “hackers figuring it out” is shrinking, so speed is your best defense here.
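
To confirm the rollout actually landed, here is a small triage script (an added example, not from Google or the original article) that compares reported Chrome versions against the patched versions listed above. The host names and inventory rows are constructed, and collecting the version strings from each device is assumed to be handled by your own management tooling.

```python
import re

# Minimum patched versions, as listed in this article.
PATCHED = {
    "desktop": (144, 0, 7559, 59),
    "android": (144, 0, 7559, 59),
    "ios": (144, 0, 7559, 85),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Pull a four-part version out of text such as 'Google Chrome 144.0.7559.59'."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def assess(platform, reported):
    """Return 'patched', 'outdated' or 'unknown' for one reported version."""
    minimum = PATCHED.get(platform.lower())
    version = parse_version(reported)
    if minimum is None or version is None:
        return "unknown"  # no usable data: follow up instead of assuming safe
    # Compare as integer tuples. Comparing the raw strings would rank
    # '144.0.7559.9' above '144.0.7559.59' and hide an unpatched host.
    return "patched" if version >= minimum else "outdated"

def needs_attention(inventory):
    """List (host, platform, reported, status) for every host not confirmed patched."""
    flagged = []
    for host, platform, reported in inventory:
        status = assess(platform, reported)
        if status != "patched":
            flagged.append((host, platform, reported, status))
    return flagged

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-001", "desktop", "Google Chrome 144.0.7559.60"),
    ("ws-002", "desktop", "Google Chrome 143.0.7499.170"),
    ("ws-003", "desktop", "Google Chrome 144.0.7559.9"),
    ("ph-010", "ios", "144.0.7559.59"),      # below the iOS minimum (.85)
    ("ph-011", "android", "144.0.7559.59"),
    ("ws-004", "desktop", ""),               # agent reported nothing
]

if __name__ == "__main__":
    for host, platform, reported, status in needs_attention(SAMPLE_INVENTORY):
        print(f"{host:8} {platform:8} {status:9} {reported or '(no data)'}")
```

Remember that a downloaded update only takes effect after the browser restarts, so a host can keep reporting an old version until its user relaunches Chrome.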