Chrome variations 144.0.7559.109 and 144.0.7559.110 have been launched to the secure channel, addressing a essential safety vulnerability within the Background Fetch API.
The replace is rolling out throughout Home windows, Mac, and Linux techniques over the approaching days and weeks, making it important for customers to make sure their browsers are totally up to date.
The safety repair facilities on CVE-2026-1504, a Excessive-severity vulnerability affecting the Background Fetch API implementation.
This vulnerability was recognized as an inappropriate implementation that risk actors may doubtlessly exploit.
CVE IDVulnerabilityCVSS ScoreComponentReporterBountyStatusCVE-2026-1504Inappropriate implementation in Background Fetch API7.5Background Fetch APILuan Herrera (@lbherrera_)$3,000Fixed in 144.0.7559.109/.110
The problem was found and reported by safety researcher Luan Herrera on January 9, 2026, and has been awarded a $3,000 bug bounty from Google’s Vulnerability Reward Program.
The Background Fetch API is an internet customary that enables net purposes to obtain massive recordsdata within the background, even when the consumer has closed the browser tab or navigated away from the web site.
This implementation’s vulnerability may allow malicious actors to govern background fetch operations. Nonetheless, particular particulars of the exploitation stay restricted till nearly all of customers obtain the patch.
This replace represents Chrome’s ongoing dedication to safety, constructing on the browser’s multi-layered protection mechanisms.
Google employs superior detection instruments, together with AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Management Movement Integrity, libFuzzer, and AFL, to determine and forestall safety points from reaching the secure channel.
The Chrome 144.0.7559 replace started rolling out instantly. Nonetheless, it is going to be distributed progressively over a number of weeks to make sure system stability and permit for correct monitoring.
Customers can manually set off the replace by accessing Chrome settings and checking for updates.
Home windows and Mac customers ought to search for model 144.0.7559.109 or .110, whereas Linux customers will see 144.0.7559.109.
Safety consultants advocate that enterprise and particular person customers prioritize this replace, notably those that depend on net purposes using the Background Fetch API.
Organizations managing massive Chrome deployments ought to monitor the rollout and validate software compatibility through the replace window.
A complete checklist of all adjustments included on this construct is offered within the official Chrome commit log.
Customers experiencing points ought to report them by the bug reporting system or make the most of the Chrome neighborhood assist discussion board for assist.
Google continues to work with safety researchers worldwide to strengthen Chrome’s safety posture and forestall vulnerabilities from affecting customers.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
