www.securityweek.com 4/10/2026, 10:51:32 AM

Chrome 147 patches critical WebML flaws, fixes 60 bugs

Chrome 147 patches 60 vulnerabilities, two of which are rated critical and affect WebML, the component used for running machine learning models in the browser. The two critical issues are described as a heap buffer overflow (CVE-2026-5858) and an integer overflow (CVE-2026-5859), reported by anonymous researchers who earned $43,000 each.

Of the remaining fixes, 14 carry a high severity rating and affect Chrome components including WebRTC, V8, WebAudio, Media, WebML, ANGLE, Skia, and Blink. The article notes that nearly half of the flaws were found internally by Google. Two additional bug bounties are detailed: $11,000 for CVE-2026-5860 and $3,000 for CVE-2026-5861. Google also paid $11,000 for CVE-2026-5874, a use-after-free bug in PrivateAI, according to SecurityWeek.

The piece adds that there is no mention of any vulnerabilities being exploited in the wild, and recalls that in late March Google released a Chrome update fixing 21 vulnerabilities including a zero-day exploited in attacks.

Article by CyberSIXT