- 9/2026
- Critical
Google has released an updated Chrome version 144.0.7559.96/.97 for Windows and Mac, and version 144.0.7559.96 for Linux.
The addressed vulnerabilities could allow the remote attacker to exploit object corruption and heap corruption via a crafted HTML page, perform UI spoofing and domain spoofing, bypass security restrictions, obtain sensitive information, spoof the contents of the Omnibox, perform an out-of-bounds memory read, and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Google Chrome Insufficient Policy Enforcement Vulnerability in Network (CVE-2026-0905):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
2. Google Chrome Use after free Vulnerability in ANGLE (CVE-2026-0908):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2026-1220
- CVE-2026-0907
- CVE-2026-0906
- CVE-2026-0905
- CVE-2026-0908
- CVE-2026-0902
- CVE-2026-0900
- CVE-2026-0899
- CVE-2026-0901
- CVE-2026-0903
- CVE-2026-0904
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.