CVE-2026-0899
📋 TL;DR
This vulnerability allows a remote attacker to trigger out-of-bounds memory access in Chrome's V8 JavaScript engine, potentially leading to memory corruption and arbitrary code execution. Users running vulnerable versions of Google Chrome are affected when visiting malicious websites.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the Chrome process, potentially leading to full system compromise if combined with other vulnerabilities.
Likely Case
Browser crash (denial of service) or limited memory corruption that could be leveraged for information disclosure or sandbox escape.
If Mitigated
Browser crash with no data loss if sandboxing holds, though the user may lose unsaved work.
🎯 Exploit Status
Exploitation requires JavaScript execution, which is enabled by default. The vulnerability is in V8, which is heavily sandboxed, making reliable exploitation more complex.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 144.0.7559.59 and later
Vendor Advisory: https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html
Restart Required: Yes
Instructions:
1. Open Chrome and click the three-dot menu.
2. Go to Help > About Google Chrome.
3. Chrome will automatically check for updates and install version 144.0.7559.59 or later.
4. Click 'Relaunch' to restart Chrome with the fix.
🔧 Temporary Workarounds
Disable JavaScript
Prevents exploitation by blocking JavaScript execution, which is required for this vulnerability.
chrome://settings/content/javascript > Block
Use Site Isolation
Enhances sandboxing by isolating each website to separate processes.
chrome://flags/#site-isolation-trial-opt-out > Disabled
🧯 If You Can't Patch
- Use alternative browsers until Chrome can be updated
- Implement network filtering to block known malicious domains and restrict web browsing
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version: if it is lower than 144.0.7559.59, the system is vulnerable.
Check Version:
chrome://version/ (look for 'Google Chrome' version number)
Verify Fix Applied:
Confirm Chrome version is 144.0.7559.59 or higher after update.
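The version check above, applied to a list of collected version strings. This is an added example, not part of the original advisory; the host names and sample version strings are constructed, and it assumes Google Chrome's four-part version format as shown on chrome://version/.

```python
import re

# Fixed version taken from the advisory above.
FIXED_VERSION = (144, 0, 7559, 59)

# Four dot-separated numeric fields, as shown on chrome://version/.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(text, fixed=FIXED_VERSION):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never count unparseable input as patched
    # Tuple comparison is numeric per field; comparing the raw strings
    # would rank "99.0.1000.10" above "144.0.7559.59".
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map host -> status for (host, version_string) pairs."""
    return {host: classify(raw) for host, raw in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("host-a", "Google Chrome 144.0.7559.58"),
    ("host-b", "Google Chrome 144.0.7559.59"),
    ("host-c", "144.0.7559.110 (Official Build) (64-bit)"),
    ("host-d", "Google Chrome 99.0.1000.10"),
    ("host-e", "version unavailable"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check rather than being assumed patched.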
📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports with V8-related stack traces
- Unexpected Chrome process termination events
Network Indicators:
- Unusual outbound connections from Chrome processes after visiting websites
SIEM Query:
source="chrome_crash_reports" AND (process="chrome.exe" OR process="Google Chrome") AND message="V8" AND severity="HIGH"