CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 21, 2026

Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now!

Cybersecurity News Archived May 21, 2026 ✓ Full text saved

Google has released an urgent security update for Chrome, addressing 16 vulnerabilities including two rated Critical that could allow attackers to execute arbitrary code on affected systems. The Stable channel has been updated to 148.0.7778.178/179 for Windows and Mac, and 148.0.7778.178 for Linux, with the rollout expected to complete over the coming days. Critical Chrome […] The post Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now! appeared first on Cyber Secur

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeChrome Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now! By Abinaya May 21, 2026 Google has released an urgent security update for Chrome, addressing 16 vulnerabilities including two rated Critical that could allow attackers to execute arbitrary code on affected systems. The Stable channel has been updated to 148.0.7778.178/179 for Windows and Mac, and 148.0.7778.178 for Linux, with the rollout expected to complete over the coming days. Critical Chrome Vulnerabilities Patched The two most severe flaws both carry a Critical severity rating and were reported internally by Google on April 20, 2026: CVE-2026-9111 — A Use-After-Free vulnerability in WebRTC, which could be exploited to corrupt memory and achieve remote code execution through a maliciously crafted web page. CVE-2026-9110 — An Inappropriate Implementation flaw in the UI layer, which could allow attackers to bypass security restrictions or spoof browser interface elements. Use-after-free bugs are particularly dangerous because they allow threat actors to manipulate freed memory regions, often leading to full system compromise when successfully chained with other exploits. High-Severity Vulnerabilities Patched Beyond the critical bugs, Google patched nine High-severity flaws spanning multiple components: CVE Type Component Bounty CVE-2026-9112 Use-After-Free GPU $11,000 CVE-2026-9113 Out-of-Bounds Read GPU $3,000 CVE-2026-9114 Use-After-Free QUIC N/A CVE-2026-9115 Insufficient Policy Enforcement Service Worker N/A CVE-2026-9116 Insufficient Policy Enforcement ServiceWorker N/A CVE-2026-9117 Type Confusion GFX N/A CVE-2026-9118 Use-After-Free XR N/A CVE-2026-9119 Heap Buffer Overflow WebRTC N/A CVE-2026-9120 Use-After-Free WebRTC N/A CVE-2026-9112 and CVE-2026-9113 were responsibly disclosed by an external researcher identified as c6eed09fc8b174b0f3eebedcceb1e792, earning a combined $14,000 in bug bounties. Other Medium-Severity Fixes Google also patched five Medium-severity issues, including out-of-bounds reads in GPU (CVE-2026-9121, CVE-2026-9122 — credited to David Korczynski of Adalogics and the same external researcher), a heap buffer overflow in Chromecast (CVE-2026-9123), insufficient input validation (CVE-2026-9124), and a use-after-free in DOM (CVE-2026-9126). Mitigations Google notes that bug details will remain restricted until most users have received the patch, reducing the risk of exploitation during the rollout window. Users and administrators should take the following steps immediately: Navigate to chrome://settings/help and confirm the browser version is 148.0.7778.178 or higher Restart Chrome to apply any pending updates Enterprise administrators should force-deploy the update via policy management tools Monitor Chrome release notes and CISA advisories for any active exploitation indicators Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Claude Code RCE Flaw Lets Attackers Execute Commands via Malicious Deeplinks BadIIS Malware Turns Hijacks IIS Servers and Redirect Users to Illicit Sites Compromised GitHub Action Exfiltrates Workflow Credentials to Attacker Domain Cisco Catalyst SD-WAN Controller 0-Day Actively Exploited to Gain Admin Access Critical SEPPmail Gateway Flaws Allow Remote Code Execution and Mail Traffic Theft Latest News Cyber Security News Mini Shai-Hulud Compromises @antv npm Packages to Steal CI/CD Credentials Cyber Security Flipper Unveils New Flipper One Modular Linux Cyberdeck Cyber Security News P2PInfect Botnet Compromises Kubernetes Clusters Through Exposed Redis Instances Cyber Security GitHub Internal Repositories Breached Via Weaponized VS Code Extension Cyber Security News Nine-year-old Linux Kernel Vulnerability Let Attackers Exfiltrate SSH Private Keys
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 21, 2026
    Archived
    May 21, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗