Google Chrome 147: Update closes 60 security vulnerabilities, two critical
The update for Google Chrome to version 147, released Wednesday night, closes 60 security vulnerabilities.
(Image: heise medien)
Anyone who has not yet installed the security update for Google Chrome from Wednesday night should do so now. It closes a total of 60 security vulnerabilities. Two of these are even considered critical. So far, however, none of them are likely being exploited on the internet.
Google only filled in the details of the release announcement on Thursday night. However, they are significant: The new version closes a total of 60 security vulnerabilities. Among them are two in the WebML machine learning component: a heap-based buffer overflow allows attackers to inject and execute malicious code with manipulated HTML pages (CVE-2026-5858, no CVSS score, risk according to Google "critical"). In addition, an integer overflow in WebML can also be exploited (CVE-2026-5859, no CVSS score, risk according to Google "critical"). Google pays the discoverers a bug bounty of $43,000 per vulnerability.
Google's developers classify 14 further vulnerabilities as high risk, 20 as medium threat level, and 24 as low risk level.
Videos by heise
Updated Software Versions
The current version numbers of the secured Chrome browsers are 147.0.7727.49 for Android, 147.0.7727.55 for Linux, and 147.0.7727.55/56 for macOS and Windows. Whether the updated version is already running can be seen in the browser's version dialog. This opens after clicking on the browser menu, which is hidden behind the icon with the three stacked dots, and then selecting "Help" - "About Google Chrome". If the browser is outdated, this will start the update process.
On Linux, the software management of the distribution used is usually responsible for this. An update should also be available in the smartphone app stores – however, this often takes days depending on the phone model. Since the security vulnerabilities lie in the Chromium base, web browsers based on it, such as Microsoft Edge, are likely to be affected as well. Users of these alternatives should also look out for updates.
Most recently, Google released an urgent update for Chrome at the beginning of the month. Attacks on one of the 21 security vulnerabilities closed there were already occurring on the internet.
(dmk)
