InfoSecBulletin Cybersecurity for mankind
Google has released Chrome 144 for Windows, Mac, and Linux, fixing 10 security issues, mainly in the V8 JavaScript engine. The rollout is scheduled to reach users progressively over the coming days and weeks.
Critical Security Patches for V8 Engine:
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
Chrome version 144.0.7559.59 for Linux and 144.0.7559.59/60 for Windows and Mac includes several security upgrades, fixing six of the ten vulnerabilities affecting the V8 JavaScript engine.
CVE-2026-0899 is a major vulnerability in the V8 engine involving out-of-bounds memory access. Google has released Chrome 144 for Windows, Mac, and Linux, fixing 10 security issues, mainly related to the V8 engine.
The rollout is scheduled to reach users progressively over the coming days and weeks.
CVE-2026-0899 is a serious out-of-bounds memory access vulnerability in the V8 engine. This high-risk issue could let attackers access memory beyond its limits, potentially causing data leaks or system breaches.
| CVE ID | Severity | Component | Vulnerability Type |
|---|---|---|---|
| CVE-2026-0899 | High | V8 | Out of bounds memory access |
| CVE-2026-0900 | High | V8 | Inappropriate implementation |
| CVE-2026-0901 | High | Blink | Inappropriate implementation |
| CVE-2026-0902 | Medium | V8 | Inappropriate implementation |
| CVE-2026-0903 | Medium | Downloads | Insufficient validation |
| CVE-2026-0904 | Medium | Digital Credentials | Incorrect security UI |
| CVE-2026-0905 | Medium | Network | Insufficient policy enforcement |
| CVE-2026-0906 | Low | Security UI | Incorrect security UI |
| CVE-2026-0907 | Low | Split View | Incorrect security UI |
| CVE-2026-0908 | Low | ANGLE | Use after free |
Additional V8 fixes include CVE-2026-0900 and CVE-2026-0902, which correct vulnerabilities that could be misused by attackers.
CVE-2026-0901 fixes a flaw in Blink, the engine that renders web content.
The update fixes security problems in the Digital Credentials and Split View features. Researcher Hafiizh was rewarded $1,500 for spotting these issues.
A medium-severity vulnerability (CVE-2026-0903) related to input validation in Downloads was fixed, along with network policy enforcement issues.
Google recognized external security researchers for identifying eight of the ten vulnerabilities and awarded over $18,500 in bug bounty rewards.
Users must update their Chrome browsers now for security improvements. Browsers usually update automatically, but users can manually check by going to Settings > About Chrome.
