


























Google confirms 60 new Chrome security vulnerabilities in update alert.
Photothek via Getty Images
Hot on the heels of Google announcing that a browser zero-day vulnerability was already being exploited by attackers, the technology juggernaut has issued a new alert to 3.5 billion Chrome users, as a staggering 60 vulnerabilities, two of which are rated critical, have now been newly confirmed. Google has, thankfully, already begun another security update rollout to address the large number of security bugs, but that’s the good news. The bad is that Google has acknowledged it could take days, or even weeks, to reach you. Here’s what you need to know and how to ensure your browser is protected right now.
ForbesGmail Users Urged Not To Disable Critical 2FA Protection
When it comes to Chrome security, there is a danger of what you might call update fatigue. After all, Google already ships weekly security updates for the 3.5 billion users of the world’s most popular browser. But make no mistake, these updates are essential to your security, and to become blasé about them would be a poor judgment call. The March 31 update, for example, fixed 21 vulnerabilities, but one of them, a zero-day, was already being exploited by attackers. While there are no zero-day exploits noted in the April 7 update, the number of vulnerabilities confirmed has risen to a quite staggering 60 in total. Of these, two have official Common Vulnerabilities and Exposures severity ratings of critical, and another 14 are high-rated. Indeed, Google has rewarded security researchers who responsibly disclosed just eight of these security issues with a total Indeed, Google has rewarded security researchers who responsibly disclosed just eight of these security issues with a total vulnerability programme bounty payout of $117,000, to put the potential impact into some perspective.
The two critical vulnerabilities, each of which impacts Chrome’s web machine learning component, WebML, responsible for the acceleration of AI machine learning inference within the browser, and each of which earned a $43,000 reward, are as follows:
The Vulners vulnerability database entry for CVE-2026-5858 stated that “The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. CVE-2026-5859, however, also requires user interaction to be successfully exploited.
While Google Chrome updates are handled automatically, as confirmed by Google in the advisory, it can take a while to actually hit your browser. Therefore, I always recommend that you use the three-dot menu in your browser to Help|About Google Chrome, which will kickstart the update process. Be sure to follow the instructions to restart your browser when prompted, as this activates the update and will protect you from the 60 vulnerabilities that have now been patched.
ForbesBitcoin Blockchain Hack Alarm Sounded By GoogleBy Davey Winder此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。