Overview
- Google began rolling out Chrome 147 this week with patches for 60 security bugs across Windows, macOS, Linux, Android, and iOS.
- The desktop release is 147.0.7727.55/56 on Windows and macOS and 147.0.7727.55 on Linux, with matching mobile builds that address the same issues.
- Two critical flaws, CVE-2026-5858 and CVE-2026-5859, hit Chrome’s WebML engine, which runs machine learning models inside the browser, and involve heap buffer and integer overflows.
- Google says none of the 60 vulnerabilities are known to be exploited in the wild, yet it urges users to update now by going to Help > About Google Chrome and restarting to apply the fix.
- The patch set spans 14 high-, 20 medium-, and 24 low-severity issues, including memory errors and V8 type confusion, and Google reports roughly $117,000–$118,000 in bug-bounty payouts to researchers.