Multiple Vulnerabilities in Google Chrome for Desktop

Published on: April 18, 2026

Overview:
Multiple vulnerabilities have been reported in Google Chrome for Desktop (Windows, macOS, Linux) that could allow a remote attacker to execute arbitrary code, manipulate data, or take control of the targeted system.

These vulnerabilities primarily involve memory corruption issues such as heap buffer overflows and use-after-free bugs in components like ANGLE, Skia, Proxy, Prerender, and XR.

Alongside these critical flaws, the update also resolves multiple “High” severity issues, including type confusion in Turbofan and out-of-bounds read errors in the Media component.

Who It Impacts:

  • All organizations and individuals using Google Chrome for Desktop.
  • Users running Chrome versions prior to 147.0.7727.101/102 (Windows/macOS) and 147.0.7727.101 (Linux).
  • Enterprises relying on Chrome for webmail, SaaS platforms, and internal applications.

How It Impacts:

  • Remote attackers can execute arbitrary code on the affected system.
  • Attackers can bypass browser security and sandbox protections.
  • Attackers can install malware or ransomware on compromised machines.
  • Attackers can access or manipulate sensitive information.

Attack Flow Overview:

  • A user visits a malicious or specially crafted website using an unpatched Chrome browser.
  • Vulnerable components (ANGLE, Skia, Proxy, Prerender, XR) are triggered.
  • Memory corruption vulnerabilities are exploited.
  • The attacker executes arbitrary code and gains control of the system.

Impact to Organizations:

  • Compromise of enterprise accounts and sensitive data.
  • Unauthorized access to corporate systems.
  • Endpoint takeover and lateral movement within networks.
  • Potential disruption of critical business operations.

Targeted Products:
Google Chrome (Desktop) for:

  • Windows (versions prior to 147.0.7727.101/102)
  • macOS (versions prior to 147.0.7727.101/102)
  • Linux (versions prior to 147.0.7727.101)
  • Web applications accessed via vulnerable browsers

IOCs:

  • neo.herosms[.]co
  • flux.smshero[.]co
  • nova.smshero[.]ai
  • soc.hero-sms[.]co
  • 7zip[.]com

CVE Identifiers:

  • CVE-2026-6296
  • CVE-2026-6297
  • CVE-2026-6298
  • CVE-2026-6299
  • CVE-2026-6358

Recommendations:

  • Update Google Chrome immediately to the latest stable version (147.0.7727.101/102 or later).
  • Ensure all endpoints (Windows, macOS, Linux) are patched without delay.
  • Restart the browser after applying updates to activate fixes.
  • Advise users to avoid visiting untrusted or suspicious websites.
  • Monitor systems for abnormal browser activity or unexpected behavior.
  • Follow threat intelligence updates for any active exploitation attempts.
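
One way to check a fleet against the first three recommendations, shown as an added example that is not part of the original advisory: it classifies each endpoint by comparing its installed and running Chrome builds with the fixed build. The inventory columns, hostnames and sample rows are constructed, and the script assumes 147.0.7727.101 is the lowest patched build on every platform, since the advisory lists 101/102 for Windows and macOS.

```python
import csv
import io

# Minimum fixed build from the advisory. Windows/macOS are listed as 101/102;
# assumption: 101 is the lowest patched build on every platform.
FIXED = {name: (147, 0, 7727, 101) for name in ("windows", "macos", "linux")}

# Constructed sample inventory; the column names are hypothetical.
SAMPLE_INVENTORY = """hostname,os,installed_version,running_version
ws-001,windows,147.0.7727.102,147.0.7727.102
ws-002,windows,147.0.7727.101,146.0.7680.80
mac-007,macos,147.0.7727.55,147.0.7727.55
lnx-003,linux,147.0.7727.101,
lnx-004,linux,unknown,
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(row):
    """Return patched, restart_required, vulnerable or unknown for one row."""
    fixed = FIXED.get(row["os"].strip().lower())
    installed = parse_version(row["installed_version"])
    if fixed is None or installed is None:
        return "unknown"
    if installed < fixed:
        return "vulnerable"
    # A patched binary on disk does not help while an old process still runs.
    running_text = (row.get("running_version") or "").strip()
    if running_text:
        running = parse_version(running_text)
        if running is None:
            return "unknown"
        if running < fixed:
            return "restart_required"
    return "patched"

def audit(inventory_csv):
    """Map hostname -> status for every row in the CSV text."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Endpoints reported as unknown need manual follow-up rather than being counted as patched.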
