Chrome 144 Released, Fixing 10 V8 Engine Vulnerabilities

Date of Data Posted: 2026‑01‑14

What You Need to Be Aware Of

  • Google has rolled out Chrome 144 for Windows, macOS and Linux, addressing ten security issues concentrated in the V8 JavaScript engine.
  • The most critical flaw, CVE‑2026‑0899, is an out‑of‑bounds memory access that could allow attackers to read or corrupt memory, potentially leading to remote code execution.
  • Eight of the ten bugs were discovered by external researchers and awarded over $18,500 in bug‑bounty rewards, indicating a robust security program but also a high threat surface.

How It Might Effect You

  • System Integrity – Unpatched browsers may let malicious scripts escape the sandbox, read local files or hijack user sessions. This could compromise confidential data or provide persistence on your endpoints.
  • Compliance & Audit – Many regulations (PCI‑DSS, HIPAA) mandate timely patching of web browsers used in corporate environments. Failure to update could result in audit findings and potential fines.

Mitigation Steps

  1. Immediate Actions
    1. Open Chrome and navigate to Settings > About Chrome; the browser will automatically download and install the latest patch.
    2. If automatic updates are disabled, manually run the installer from the official Google site or your OS package manager (e.g., sudo apt update && sudo apt upgrade google-chrome-stable for Debian/Ubuntu).
    3. Verify the installed version: it should be 144.0.7559.59 on Linux and 144.0.7559.59/60 on Windows/macOS.
  2. Long‑Term Measures
    • Enable auto‑updates for all browsers across your fleet to ensure continuous protection.
    • Incorporate browser version checks into your vulnerability management workflow; set alerts when Chrome moves past the 144 series.
    • Review and harden other components of the V8 engine (e.g., disable unused JavaScript features in corporate policy) if you have custom web applications.
    • Maintain a bug‑bounty program or partner with security researchers to surface new issues early.

Sources
Chrome 144 Released, Fixing 10 V8 Engine Vulnerabilities2026‑01‑14
Google Security Blog: Chrome 144 release notes2026‑01‑14