[{"data":1,"prerenderedAt":142},["ShallowReactive",2],{"article-slug-google-chrome-update-patches-60-vulnerabilities-including-critical-bugs":3,"articles-index":-1},{"id":4,"slug":5,"headline":6,"title":7,"summary":8,"full_report":9,"twitter_post":10,"meta_description":11,"category":12,"severity":15,"entities":16,"cves":24,"sources":41,"events":64,"mitre_techniques":67,"mitre_mitigations":80,"d3fend_countermeasures":103,"iocs":112,"cyber_observables":113,"tags":125,"extract_datetime":133,"article_type":134,"impact_scope":135,"pub_date":51,"reading_time_minutes":141,"createdAt":133,"updatedAt":133},"44e41a36-71a0-4a6f-965f-ac21544a4a13","google-chrome-update-patches-60-vulnerabilities-including-critical-bugs","Google Issues Urgent Chrome Update to Patch 60 Flaws, Including Two Critical Bugs","Google Chrome 147 Patches 60 Vulnerabilities, Including Two Critical RCE Flaws","Google has released an urgent security update for its Chrome browser, version 147, patching a total of 60 vulnerabilities. The update, announced around April 9, 2026, addresses two critical flaws, CVE-2026-5858 (a heap buffer overflow) and CVE-2026-5859 (an integer overflow), both in Chrome's WebML component. These vulnerabilities could be exploited for remote code execution, and Google awarded researchers a combined $86,000 in bug bounties for their discovery. The update also fixes 14 high-severity flaws affecting components like WebRTC and the V8 JavaScript engine. Users are strongly advised to update their browsers immediately.","## Executive Summary\n**[Google](https://www.google.com/)** has released a critical security update for its Chrome browser, bringing the stable channel to version 147.0.7727.55/56. The update, rolled out starting April 9, 2026, addresses 60 security vulnerabilities, including two rated as **critical**. These two critical flaws, **[CVE-2026-5858](https://www.cve.org/CVERecord?id=CVE-2026-5858)** and **[CVE-2026-5859](https://www.cve.org/CVERecord?id=CVE-2026-5859)**, affect Chrome's WebML component and could allow an attacker to achieve remote code execution (RCE) by tricking a user into visiting a malicious website. The severity of these bugs is underscored by the high bug bounty payouts, totaling $86,000. The patch also includes fixes for 14 high-severity vulnerabilities. While Google has not reported any active exploitation in the wild, the critical nature of the flaws necessitates immediate action from all Chrome users on Windows, Mac, and Linux.\n\n## Vulnerabilities Addressed\nThe update patches a large number of flaws, but the most significant are the two critical vulnerabilities in WebML, Chrome's API for web-based machine learning.\n\n*   **[CVE-2026-5858](https://www.cve.org/CVERecord?id=CVE-2026-5858)**: A **critical** heap buffer overflow vulnerability in WebML. This type of flaw can be exploited to overwrite memory, potentially leading to arbitrary code execution.\n*   **[CVE-2026-5859](https://www.cve.org/CVERecord?id=CVE-2026-5859)**: A **critical** integer overflow vulnerability in WebML. Integer overflows can lead to incorrect memory allocation, which can also be leveraged to cause a buffer overflow and achieve code execution.\n\nIn addition to these, the update fixes **14 high-severity vulnerabilities**, including:\n*   **[CVE-2026-5860](https://www.cve.org/CVERecord?id=CVE-2026-5860)**: Use-after-free in WebRTC.\n*   **[CVE-2026-5861](https://www.cve.org/CVERecord?id=CVE-2026-5861)**: Use-after-free in V8 JavaScript engine.\n*   **[CVE-2026-5862](https://www.cve.org/CVERecord?id=CVE-2026-5862)**: Use-after-free in WebAudio.\n*   **[CVE-2026-5863](https://www.cve.org/CVERecord?id=CVE-2026-5863)**: Inappropriate implementation in Media.\n\nUse-after-free vulnerabilities are particularly dangerous as they often allow attackers to execute arbitrary code.\n\n## Affected Products\n*   **Google Chrome** versions prior to 147.0.7727.55 for Linux.\n*   **Google Chrome** versions prior to 147.0.7727.55/56 for Windows and Mac.\n\nAll desktop users of Google Chrome are affected.\n\n## Impact Assessment\nA successful exploit of the critical vulnerabilities (**CVE-2026-5858** or **CVE-2026-5859**) would allow an attacker to execute arbitrary code on the victim's computer within the context of the Chrome sandbox. While the sandbox provides a layer of protection, attackers often chain a browser exploit with a second sandbox escape exploit to gain full control over the underlying operating system. The attack vector is straightforward: an attacker would need to host a malicious website and convince a user to visit it. Given Chrome's massive user base (over 3.5 billion users), even a small percentage of unpatched systems represents a huge target for threat actors. The high bug bounty payouts ($43,000 for each critical flaw) indicate that Google's security team assessed these as highly impactful and likely exploitable.\n\n## Exploitation Status\nAs of the announcement, Google stated it was not aware of any active exploitation of these 60 vulnerabilities in the wild. However, now that the patches are public, threat actors will begin to reverse-engineer them to develop working exploits. The window for safe patching is therefore limited.\n\n## Cyber Observables for Detection\nDetecting exploitation of a browser vulnerability on the network can be difficult as the traffic is encrypted. Endpoint detection is more effective.\n| Type | Value | Description | Context | Confidence |\n|---|---|---|---|---|\n| process_name | `chrome.exe` | Monitor for `chrome.exe` processes that spawn unexpected child processes, such as `cmd.exe`, `powershell.exe`, or `wscript.exe`. | EDR, Process monitoring logs. | high |\n| other | `Chrome Crash Reports` | A sudden increase in Chrome browser crashes across an organization could indicate attempts to exploit a memory corruption vulnerability. | Endpoint monitoring, crash dump analysis. | medium |\n\n## Installation Instructions\nGoogle Chrome automatically updates itself, but users can and should manually trigger the update to ensure they are protected immediately.\n1.  Open Google Chrome.\n2.  Click the three vertical dots in the top-right corner.\n3.  Navigate to **Help** > **About Google Chrome**.\n4.  Chrome will automatically check for and download the update.\n5.  After the download is complete, you must **relaunch** the browser to apply the update. The version number should be 147.0.7727.56 or higher.\n\n## Deployment Priority\nThis update should be considered **critical** and deployed immediately.\n1.  **Priority 1 (Immediate)**: All user workstations, especially those of high-risk users (executives, finance, IT administrators).\n2.  **Priority 2 (Within 24 hours)**: All other systems, including servers that may have Chrome installed for administrative purposes.\n\nEnterprise administrators should use their central management tools to push the update across their fleet as quickly as possible.","Google Chrome users: Update now! Version 147 patches 60 vulnerabilities, including two CRITICAL flaws (CVE-2026-5858, CVE-2026-5859) in WebML that could allow remote code execution. 💻 #Chrome #PatchTuesday #Cybersecurity","Google has released a critical security update for Chrome, version 147, patching 60 vulnerabilities, including two critical RCE flaws (CVE-2026-5858, CVE-2026-5859). Users should update immediately.",[13,14],"Patch Management","Vulnerability","critical",[17,21],{"name":18,"type":19,"url":20},"Google","vendor","https://www.google.com/",{"name":22,"type":23},"Google Chrome","product",[25,27,29,32,34,36,38],{"id":26,"severity":15},"CVE-2026-5858",{"id":28,"severity":15},"CVE-2026-5859",{"id":30,"severity":31},"CVE-2026-5860","high",{"id":33,"severity":31},"CVE-2026-5861",{"id":35,"severity":31},"CVE-2026-5862",{"id":37,"severity":31},"CVE-2026-5863",{"id":39,"severity":40},"CVE-2026-5874","medium",[42,48,54,59],{"url":43,"title":44,"date":45,"friendly_name":46,"website":47},"https://www.forbes.com/sites/daveywinder/2026/04/09/google-issues-critical-update-alert-for-35-billion-chrome-users/","Google Issues Critical Update Alert For 3.5 Billion Chrome Users","2026-04-09","Forbes","forbes.com",{"url":49,"title":50,"date":51,"friendly_name":52,"website":53},"https://www.securityweek.com/chrome-147-patches-60-vulnerabilities-including-two-critical-flaws-worth-86000/","Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86000","2026-04-10","SecurityWeek","securityweek.com",{"url":55,"title":56,"date":45,"friendly_name":57,"website":58},"https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","Stable Channel Update for Desktop","Chrome Releases","chromereleases.googleblog.com",{"url":60,"title":61,"date":51,"friendly_name":62,"website":63},"https://www.cyber.gc.ca/en/alerts-advisories/google-chrome-security-advisory-av26-337","Google Chrome security advisory (AV26-337)","Canadian Centre for Cyber Security","cyber.gc.ca",[65],{"datetime":45,"summary":66},"Google releases Chrome 147 to the stable channel, patching 60 vulnerabilities.",[68,72,76],{"id":69,"name":70,"tactic":71},"T1204.001","User Execution: Malicious Link","Execution",{"id":73,"name":74,"tactic":75},"T1068","Exploitation for Privilege Escalation","Privilege Escalation",{"id":77,"name":78,"tactic":79},"T1190","Exploit Public-Facing Application","Initial Access",[81,90,94],{"id":82,"name":83,"d3fend_techniques":84,"description":89},"M1051","Update Software",[85],{"id":86,"name":87,"url":88},"D3-SU","Software Update","https://d3fend.mitre.org/technique/d3f:SoftwareUpdate","The primary mitigation is to apply the security update provided by Google immediately.",{"id":91,"name":92,"description":93},"M1021","Restrict Web-Based Content","Use web filtering solutions to block access to known malicious or untrusted websites that could host exploit code.",{"id":95,"name":96,"d3fend_techniques":97,"description":102},"M1050","Exploit Protection",[98],{"id":99,"name":100,"url":101},"D3-AH","Application Hardening","https://d3fend.mitre.org/technique/d3f:ApplicationHardening","Ensure that OS-level exploit protections like ASLR and DEP are enabled. Modern browsers like Chrome use these by default.",[104,106],{"technique_id":86,"technique_name":87,"url":88,"recommendation":105,"mitre_mitigation_id":82},"The most effective and urgent countermeasure for the vulnerabilities patched in Chrome 147 is to apply the software update. For end-users, this means navigating to 'About Google Chrome' and relaunching the browser. For enterprise environments, security teams must use their endpoint management tools (e.g., Microsoft Intune, Jamf, SCCM) to force the update across all managed devices immediately. Given that two of the vulnerabilities are critical and could lead to remote code execution, this is a race against time. Attackers will be actively reverse-engineering the patch to develop exploits. A rapid and comprehensive patching cycle is the only way to close this window of opportunity and protect the organization from drive-by compromise attacks.",{"technique_id":107,"technique_name":108,"url":109,"recommendation":110,"mitre_mitigation_id":111},"D3-PA","Process Analysis","https://d3fend.mitre.org/technique/d3f:ProcessAnalysis","As a secondary, detective control, organizations should use EDR solutions to perform Process Analysis on browser processes. A successful exploit of a critical vulnerability like CVE-2026-5858 would likely be followed by the execution of a second-stage payload. A key indicator of this is the browser process (`chrome.exe`) spawning anomalous child processes. Security teams should have high-priority alerts for any instance where `chrome.exe` is the parent of `cmd.exe`, `powershell.exe`, `wscript.exe`, or any unsigned executable. This behavior is almost always malicious and indicates that an attacker has broken out of the browser's context and is attempting to establish a foothold on the endpoint. This provides a critical opportunity to detect and contain a compromise on an unpatched system.","M1049",[],[114,119],{"type":115,"value":116,"description":117,"context":118,"confidence":31},"process_name","chrome.exe","A compromised Chrome process may spawn suspicious child processes like `powershell.exe` or `cmd.exe` after a successful exploit. This is a strong indicator of post-exploitation activity.","EDR logs, Windows Event ID 4688.",{"type":120,"value":121,"description":122,"context":123,"confidence":124},"other","Browser crash","An unexpected browser crash could be the result of a failed memory corruption exploit attempt. A spike in crashes could indicate active scanning or exploitation.","Endpoint crash logs, Windows Event Viewer.","low",[126,127,128,129,130,131,132],"google chrome","vulnerability","patch management","rce","cve-2026-5858","cve-2026-5859","webml","2026-04-10T15:00:00.000Z","Advisory",{"geographic_scope":136,"industries_affected":137,"other_affected":139},"global",[138],"Technology",[140],"All Google Chrome users",4,1776260628262]