CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 17, 2026

Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now!

Cybersecurity News Archived Jun 17, 2026 ✓ Full text saved

Google has released a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could allow attackers to execute arbitrary code on affected systems. Users are strongly advised to update immediately as several flaws impact core browser components. The latest Chrome Stable channel has been updated to version 149.0.7827.155/.156 for Windows and macOS, […] The post Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now! ap

Full text archived locally
✦ AI Summary · Claude Sonnet


    Discover more Antivirus & Malware Computer Security Hacker threat intelligence HomeChrome Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now! By Abinaya June 17, 2026 Google has released a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could allow attackers to execute arbitrary code on affected systems. Users are strongly advised to update immediately as several flaws impact core browser components. The latest Chrome Stable channel has been updated to version 149.0.7827.155/.156 for Windows and macOS, and 149.0.7827.155 for Linux. The rollout is gradual and will reach users over the coming days and weeks. This release includes 33 security fixes, several of which are rated critical due to their potential for remote code execution (RCE). Google has restricted detailed technical information for some bugs until the majority of users have installed the update. Chrome Vulnerabilities Enable Code Execution Among the patched issues, seven critical vulnerabilities stand out, primarily involving “use-after-free” memory corruption bugs. These flaws can allow attackers to manipulate memory and execute arbitrary code within the browser context. Key critical vulnerabilities include: CVE-2026-12437: Use-after-free in WebShare. CVE-2026-12438: Inappropriate implementation in WebView. CVE-2026-12439 & CVE-2026-12440: Use-after-free in Digital Credentials. CVE-2026-12441: Use-after-free in File Input. CVE-2026-12442: Use-after-free in Passwords. CVE-2026-12443: Use-after-free in Web Authentication. Use-after-free vulnerabilities occur when memory is accessed after it has been released, potentially allowing attackers to corrupt memory structures and gain control of the execution flow. In a real-world scenario, a victim simply visiting a malicious webpage could trigger exploitation without additional interaction. In addition to critical flaws, Google patched numerous high-severity vulnerabilities across components such as WebRTC, Extensions, Safe Browsing, GPU, and File System Access. Other Notable Vulnerabilities Heap buffer overflows in WebRTC (CVE-2026-12447, CVE-2026-1246. Out-of-bounds reads in Chromoting and WebRTC. Multiple use-after-free flaws in Extensions, Media, Downloads, and Browser. Insufficient validation and policy enforcement issues across input handling and extensions. These vulnerabilities could lead to data leaks, sandbox escapes, or further exploitation chains when combined with other bugs. CVE ID Severity Component Vulnerability type Reporter Reported date CVE-2026-12437 Critical WebShare Use after free Google 2026-05-25 CVE-2026-12438 Critical WebView Inappropriate implementation Google 2026-05-27 CVE-2026-12439 Critical Digital Credentials Use after free Google 2026-06-03 CVE-2026-12440 Critical DigitalCredentials Use after free Google 2026-06-03 CVE-2026-12441 Critical File Input Use after free Google 2026-06-05 CVE-2026-12442 Critical Passwords Use after free Google 2026-06-09 CVE-2026-12443 Critical Web Authentication Use after free Google 2026-06-11 CVE-2026-12444 High Chromoting Out of bounds read Google 2026-05-14 CVE-2026-12445 High Extensions Use after free Google 2026-05-14 CVE-2026-12446 High Passwords Insufficient data validation Google 2026-05-14 CVE-2026-12447 High WebRTC Heap buffer overflow Google 2026-05-15 CVE-2026-12448 High WebView Inappropriate implementation Google 2026-05-15 CVE-2026-12449 High Chromoting Use after free Google 2026-05-15 CVE-2026-12450 High Media Inappropriate implementation Zhixin Tu 2026-05-19 CVE-2026-12451 High DigitalCredentials Use after free Google 2026-05-19 CVE-2026-12452 High Downloads Use after free Google 2026-05-21 CVE-2026-12453 High Input Insufficient validation of untrusted input Google 2026-05-25 CVE-2026-12454 High Safe Browsing Race condition Google 2026-05-27 CVE-2026-12455 High Tab Strip Use after free Google 2026-05-27 CVE-2026-12456 High Extensions Insufficient validation of untrusted input Google 2026-05-27 CVE-2026-12457 High Extensions Insufficient data validation Google 2026-05-27 CVE-2026-12458 High Passwords Incorrect security UI Google 2026-05-27 CVE-2026-12459 High Serial Inappropriate implementation Google 2026-05-28 CVE-2026-12460 High File System Access Insufficient policy enforcement Google 2026-05-28 CVE-2026-12461 High WebRTC Out of bounds read Google 2026-05-29 CVE-2026-12462 High Media Use after free Google 2026-05-29 CVE-2026-12463 High Views Inappropriate implementation Google 2026-05-30 CVE-2026-12464 High Browser Use after free Google 2026-06-03 CVE-2026-12465 High Metrics Insufficient validation of untrusted input Google 2026-06-05 CVE-2026-12466 High WebRTC Heap buffer overflow Google 2026-06-05 CVE-2026-12467 High Extensions Use after free Google 2026-06-05 CVE-2026-12468 High Updater Inappropriate implementation Google 2026-06-08 CVE-2026-12469 High GPU Uninitialized use Google 2026-06-09 Google credits its internal security tools for identifying many of these vulnerabilities, including AddressSanitizer, MemorySanitizer, libFuzzer, and Control Flow Integrity mechanisms. These tools play a key role in proactively identifying memory safety issues before they are exploited in the wild. Users and organizations should take immediate action: Update Chrome to the latest version via Settings > About Chrome. Restart the browser to ensure patches are applied. Monitor enterprise environments for outdated browser versions. Apply defense-in-depth strategies such as endpoint protection and browser isolation. Given the number of critical memory corruption vulnerabilities, delaying updates significantly increases the risk of exploitation. CISO & Security Leaders: Your next breach may not have a face. Join ISC2’s LIVE webinar, “Ghost in the Machine” Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News DPAPISnoop Tool Extracts CREDHIST Hashes for Offline Windows Credential Recovery Russian and Chinese Influence Actors Use AI to Evade Bot Detection and Mimic Human Behavior CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data China-Nexus Hackers Use Backdoored PAM Modules for Credential Theft and Authentication Bypass Latest News Cyber Security News Deno-Based RAT Uses Microsoft Teams Impersonation and Mailbombing to Target Employees Cyber Security Hackers Abuse Steam Workshop Application Wallpapers to Hijack Active Steam Sessions AI Hackers Using Claude and OpenAI’s Codex for Exploitation, and Data Exfiltration Activities Cyber Security News Using Real-Time Network Monitoring to Spot Suspicious Application Behavior on macOS Cyber Security News UNC3753 Uses Screen-Sharing Sessions and RMM Tools to Exfiltrate Sensitive Legal Data
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 17, 2026
    Archived
    Jun 17, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗