- 100/2026
- Critical
Google has released an updated version of Chrome, 147.0.7727.116/117 for Windows and Mac, and 147.0.7727.116 for Linux.
The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, escalate privileges, and potentially perform a sandbox escape via a crafted HTML page or video file.
Sample of the addressed vulnerabilities:
1. Google Chrome DevTools Use After Free Vulnerability (CVE-2026-6919):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome GPU Out of Bounds Read Vulnerability (CVE-2026-6920):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
Vulnerabilities
- CVE-2026-6919
- CVE-2026-6920
- CVE-2026-6921
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.