Critical Chrome Vulnerabilities Enables Remote Code Execution Attacks

HomeChrome Critical Chrome Vulnerabilities Enables Remote Code Execution Attacks By Abinaya April 29, 2026 Google has released a critical security update for its Chrome desktop browser to address 30 security vulnerabilities, including four severe flaws that could enable Remote Code Execution (RCE) attacks. The Stable channel has been updated to version 147.0.7727.137/138 for Windows and Mac, and to 147.0.7727.137 for Linux. Google is rolling out this update gradually over the coming days and weeks to ensure a stable deployment. The majority of the severe flaws patched in this release are “Use-After-Free” memory vulnerabilities. A Use-After-Free bug occurs when an application attempts to access memory space that has already been freed or deallocated. This memory mismanagement can lead to unexpected browser crashes, severe data corruption, and, most dangerously, arbitrary code execution. If successfully exploited, these vulnerabilities allow remote attackers to run malicious commands on a victim’s machine simply by convincing the user to visit a specially crafted malicious webpage. This requires no additional user interaction and could allow hackers to bypass Chrome’s built-in sandbox protections, potentially compromising the underlying system. Critical Chrome Vulnerabilities Google is temporarily restricting access to specific bug details and exploit links until a vast majority of the user base has successfully applied the security patch. This industry standard practice prevents threat actors from reverse-engineering fixes to launch attacks against unpatched, vulnerable systems. Google awarded bug bounties to researchers, including $16,000 for a high-severity GPU flaw and $7,000 for a critical Canvas issue. Below is a summary of the most critical and highly rewarded vulnerabilities addressed in this Chrome release: CVE-2026-7363 is a critical use-after-free vulnerability in the Canvas component, reported by heapracer, with a $7,000 bounty. CVE-2026-7361 is a critical use-after-free vulnerability affecting iOS, reported by Google, with the bounty yet to be determined. CVE-2026-7344 is a critical use-after-free vulnerability in the Accessibility component, reported by Google, with a pending bounty. CVE-2026-7343 is a critical use-after-free vulnerability in the Views component, reported by Google, with a pending bounty. CVE-2026-7333 is a high-severity use-after-free vulnerability in the GPU component, reported by c6eed09fc8b174b0f3eebedcceb1e792, with a $16,000 bounty. To protect against potential exploitation, individuals and network administrators are strongly advised to update their Google Chrome browsers immediately. Check for updates in Google Chrome via Help → About Google Chrome, then restart the browser to apply them. A quick browser restart is required to apply the latest protections fully. Administrators managing enterprise environments should prioritize the rapid deployment of Chrome version 147.0.7727.137/138 across their networks to prevent potential intrusions. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News North Korean Hackers Attacking Drug Companies to Deploy Malware Via Weaponized Excel Files New Malware Uses Obfuscation and Staged Payload Delivery to Evade Detection Vidar Malware Hides Second-Stage Payloads in JPEG and TXT Files to Evade Detection Bitwarden CLI Compromised in Supply Chain Attack via GitHub Actions Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious Scripts Latest News Cyber Security News New BlueNoroff Campaign Uses Fileless PowerShell and AI-Generated Zoom Lures Cyber Security News cPanel Warns of Critical Authentication Flaw – Emergency Patch Released ANY.RUN New BlobPhish Attack Leverages Browser Blob Objects to Steal Users’ Login Credentials Cyber Security Critical GitHub.com and Enterprise Server RCE Vulnerability Enables Full Server Compromise Cyber Security Microsoft Confirms Remote Desktop Warnings May Display Incorrectly After April Update