Chrome Browser Fixes 60 Bugs, Pays Out $136,000 in Bug Bounty Rewards
Chrome Update Fixes 60 Vulnerabilities
Google has released the first stable version of Chrome 147, addressing 60 security vulnerabilities, including two critical flaws with bug bounty rewards of up to $86,000.
Vulnerability Details
- The critical bugs affect Chrome’s WebML component, which is designed to run machine learning models directly in the browser.
- The two high-reward vulnerabilities are a heap buffer overflow (CVE-2026-5858) and an integer overflow (CVE-2026-5859), both reported by anonymous researchers.
- These flaws could potentially allow sandbox escape, remote code execution, or both, which makes them particularly concerning.
According to Google, “The two high-reward vulnerabilities are located in the WebML component and can lead to remote code execution.”
Severity Ratings
- 14 of the patched vulnerabilities have been rated high severity, affecting various Chrome components such as WebRTC, V8, WebAudio, Media, WebML, Angle, Skia, and Blink.
- A significant portion of these flaws were discovered internally by Google, while others were reported by anonymous researchers.
- For two vulnerabilities, Google offered bug bounties: $11,000 for CVE-2026-5860 and $3,000 for CVE-2026-5861.
According to Google, “We would like to thank the researchers who responsibly disclosed these vulnerabilities to us.”
Previous Updates
- This release follows an update in late March that addressed 21 vulnerabilities, including a zero-day vulnerability exploited in malicious attacks.
- Additionally, Google has implemented new session cookie protections in Chrome to enhance web browsing safety.
