Google has rolled out a new update for its Chrome browser, fixing several serious security issues. The latest version, Chrome 147, is now available for Windows, Mac, and Linux users. This update is important because it patches multiple vulnerabilities, including two critical flaws that could allow attackers to take control of a system remotely.
The most serious issues fixed in this update are tracked as CVE-2026-5858 and CVE-2026-5859. Both have been rated as critical and even earned high bug bounty rewards of $43,000 each. These vulnerabilities exist in Chrome’s Web Machine Learning (WebML) component. This feature is designed to run machine learning tasks directly inside the browser.
The problem is related to how memory is handled. In simple terms, Chrome fails to properly check limits when processing certain data. This allows attackers to overflow memory buffers or trigger integer overflows.
If exploited, a hacker can create a malicious web page that silently runs code on the victim’s system. This is what is known as remote code execution, and it is one of the most dangerous types of vulnerabilities.
Apart from the two critical issues, the update also fixes 14 high-severity vulnerabilities across different parts of the browser. Some of the key areas affected include WebRTC, media handling, graphics, and Chrome’s JavaScript engine, the V8 JavaScript engine.
Many of these bugs involve issues like use-after-free and type confusion. These are complex memory-related bugs, but they are dangerous because attackers can use them to break out of Chrome’s security sandbox when combined with other exploits.
There are also several heap buffer overflows and integer overflows in components like WebAudio, ANGLE, and Skia. These can further increase the attack surface if not patched.
Google has also fixed multiple medium and low-severity vulnerabilities. While these may not directly allow full system takeover, they can still be risky. Some of these bugs could allow attackers to spoof browser UI, bypass security policies, or leak sensitive data. There are also issues related to downloads, service workers, and Chrome’s PDF viewer.
Even though these are considered lower risk, they can still be used as part of a larger attack chain.
This update clearly shows how complex modern browsers have become. Features like WebML bring powerful capabilities, but they also introduce new risks if not handled properly. The fact that these bugs could be triggered just by opening a malicious webpage makes them even more serious. Users do not need to install anything. Just visiting the wrong site could be enough.
Chrome is one of the most secure browsers, but it is also one of the most complex. New features, like in-browser AI processing, increase the attack surface. That means more chances for bugs like this to appear. The good part is that Google’s security systems and researchers are still catching these issues early. Many of these bugs were found using advanced testing tools before they could be widely exploited.
If you are using Google Chrome, make sure you update to the latest version immediately. The patched versions start from 147.0.7727.55 and above. You can check for updates by going to Settings and opening the “About Chrome” section.
