Chrome Security Update Fixes Critical Vulnerability in Background Fetch API - gbhackers.com

Chrome Security Update Fixes Critical Vulnerability ChromeCVE/vulnerabilityCyber Security News 1 min.Read Chrome Security Update Fixes Critical Vulnerability in Background Fetch API By Divya January 28, 2026 Share Facebook Twitter Pinterest WhatsApp Google has released a new Chrome Stable Channel update for desktop, addressing a high-severity vulnerability in the Background Fetch API that could expose users to security risks. The latest Chrome version, 144.0.7559.109/.110 for Windows and macOS and 144.0.7559.109 for Linux, is now rolling out to users and will be available over the coming days and weeks. Google has not yet shared full technical details of the flaw, as bug information is being temporarily restricted until most users receive the fix. CVE ID Severity Component Type Reporter CVE-2026-1504 High Background Fetch API Inappropriate implementation Luan Herrera (@lbherrera_) The patched vulnerability, tracked as CVE-2026-1504, is described as an “inappropriate implementation in Background Fetch API” and is rated High severity. The issue was reported by security researcher Luan Herrera (@lbherrera_) on January 9, 2026, and Google awarded a $3,000 bug bounty for the discovery. The Background Fetch API allows websites to download large files in the background, even if the browser tab is closed. An implementation flaw in this component could potentially be abused to bypass security boundaries, mishandle permissions, or process background requests in unsafe ways. While Google has not disclosed the details of the exploitation, the High rating indicates that successful exploitation could impact user security or privacy. As is standard practice, Google is withholding the full bug report and exploit details until a majority of Chrome users have updated, reducing the risk of active exploitation by threat actors. If the vulnerability also exists in third-party libraries, restrictions may remain in place longer to give other projects time to patch. Google credits tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL for helping detect many security issues earlier in the development cycle, keeping them from reaching the stable channel. Users are strongly advised to update Chrome as soon as possible via the browser’s built-in update mechanism to ensure protection against CVE-2026-1504 and other underlying security vulnerabilities. Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google. Tags Chrome Cyber Security News Vulnerability Divya Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world. Hot this week Infosec- Resources How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities June 4, 2023 1 What is Deep Web The deep web, invisible web, or... SOC Architecture How to Build and Run a Security Operations Center (SOC Guide) – 2023 June 3, 2023 12 Today’s Cyber security operations center (CSOC) should have everything... Cyber Security News Network Penetration Testing Checklist – 2025 March 2, 2025 0 Network penetration testing is a cybersecurity practice that simulates... Cyber Security News Russian Hackers Bypass EDR to Deliver a Weaponized TeamViewer Component October 18, 2023 0 TeamViewer's popularity and remote access capabilities make it an... Checklist Web Server Penetration Testing Checklist – 2026 January 6, 2026 0 Web server pentesting is performed under three significant categories: identity,... Topics AcquisitionAdobeAdwareAIAmazonAmazon AWSAMDAndroidAnti VirusAntimalwareAntispoofingANY RUNApacheAPIAppleAPTArtificial IntelligenceAvastAWSAzureBackdoorBitcoinBluetoothBotnetBrowserBuffer over flowBug BountyBusinessChatbotsChatGPTChecklistChromeCiscoCISOCISO AdvisoryCloudCloud SecurityCloudflareComputer SecurityCourseCPUCross site ScriptingcryptocurrencyCryptocurrency hackCVE/vulnerabilityCyber AdvisoryCyber AICyber AttackCyber Crimecyber securityCyber security CourseCyber Security NewsCyber Security ResourcesDark WebData BreachData GovernanceDDOSDealsDeepSeekDiscordDNSDos AttackDriveDropboxEducationEmailEmail SecurityEthical HackingExploitExploitation ToolsExtratorrentsFACEBOOKFeaturedFirefoxFirefox NewsFirewallForensics ToolsgameGenAIGitHubGitLabGmailGoogleGoogle dorksGovernanceGRCHacking BooksHacksHardware HackingHBOHTMLHTTPIBMIISIncident ResponseInformation GatheringInformation Security RisksInfosec- ResourcesInsider ThreatsInstagramMore Press Release Orchid Security Recognized by Gartner® as a Representative Vendor of Guardian Agents 0 New York, United States, March 17th, 2026, CyberNewswire Unleash AI... Press Release GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub 0 New York, NY, March 17th, 2026, CyberNewswire In 2025, Developer... cyber security Iranian Hackers Use Compromised Cameras for Regional Surveillance 0 Iranian cyber actors are expanding operations targeting US organizations... Bluetooth Windows 11 25H2/24H2 Update Addresses Bluetooth Device Visibility Issues 0 Microsoft has rolled out an unexpected out-of-band hotpatch, KB5084897,... cyber security Google Warns Ransomware Groups Shift to Data Theft as Profits Decline 0 Google is warning that ransomware gangs are reinventing their... Cyber Security News Microsoft Launches AI-Driven Troubleshooting for Purview Data Lifecycle Tools 0 Microsoft has officially released a new open-source tool designed... CVE/vulnerability Angular XSS Vulnerability Threatens Thousands of Web Applications 0 A high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-32635,... cyber security Glassworm Malware Infects Popular React Native npm Packages 0 A new Glassworm-linked supply chain attack has briefly turned... Related Articles Iranian Hackers Use Compromised Cameras for Regional Surveillance cyber security March 17, 2026 Windows 11 25H2/24H2 Update Addresses Bluetooth Device Visibility Issues Bluetooth March 17, 2026 Google Warns Ransomware Groups Shift to Data Theft as Profits Decline cyber security March 17, 2026 Microsoft Launches AI-Driven Troubleshooting for Purview Data Lifecycle Tools Cyber Security News March 17, 2026 Angular XSS Vulnerability Threatens Thousands of Web Applications CVE/vulnerability March 17, 2026 Recent News Orchid Security Recognized by Gartner® as a Representative Vendor of Guardian Agents CyberNewswire - March 17, 2026 GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub CyberNewswire - March 17, 2026 Iranian Hackers Use Compromised Cameras for Regional Surveillance Mayura Kathir - March 17, 2026 Windows 11 25H2/24H2 Update Addresses Bluetooth Device Visibility Issues Divya - March 17, 2026 Google Warns Ransomware Groups Shift to Data Theft as Profits Decline Mayura Kathir - March 17, 2026 Microsoft Launches AI-Driven Troubleshooting for Purview Data Lifecycle Tools Divya - March 17, 2026