Chrome 147 Fixes 60 Bugs, and the WebML Findings Deserve Extra Attention
Post 2 days ago @CyberSignal

Chrome 147 is not a routine browser update. Its first stable release closes 60 security issues, including two critical flaws in the browser’s WebML component that drew unusually large bug bounties. For security teams, the headline is simple: update quickly. The more interesting story is what these bugs say about the risk building up around newer browser features that process complex workloads inside the client.

Chrome 147’s first stable release lands with an unusually heavy security payload: 60 patched vulnerabilities, including two critical flaws in WebML, Google’s browser component for running machine learning models locally. That alone makes this an update most organizations should move up the queue.

According to the source material reported by SecurityWeek on April 10, 2026, the two critical issues are CVE-2026-5858, a heap buffer overflow, and CVE-2026-5859, an integer overflow. Both were reported anonymously, and each earned a $43,000 bug bounty. Google has not said these flaws were exploited in the wild, but the combination of critical severity and bounty size is a signal worth taking seriously. SecurityWeek noted that those factors suggest the bugs may have been considered valuable because of their potential use in sandbox escape or remote code execution chains.

That matters because browser vulnerabilities are rarely isolated technical curiosities. Chrome is not just a consumer app. It is the default work surface for many employees, the runtime for cloud software, and often the thin client through which finance, sales, HR, support, and engineering systems are accessed. When a browser update fixes 60 issues at once, the real question is not whether a single bug looks scary on paper. It is whether defenders are comfortable leaving dozens of patched entry points exposed while attackers study the diff.

Why the WebML angle stands out

The critical flaws sit in WebML, a component designed to let machine learning models run directly in the browser. That is useful for performance, privacy, and responsiveness. It also expands the browser’s attack surface into a category of code that tends to be complex, resource-intensive, and less familiar to many enterprise defenders than older browser subsystems such as rendering or JavaScript execution.

There is a practical lesson here. As browsers take on more advanced local processing, security teams inherit the risks of those capabilities whether or not they think of the browser as an AI platform. A feature built for convenience or speed can still become a high-value target if it handles memory unsafely or creates paths to deeper compromise.

That does not mean WebML is uniquely unsafe. It means the modern browser now bundles more ambitious functionality than many patch programs were designed around. Security teams that still treat browser updates as low-drama maintenance work may need to adjust that mindset.

What else was fixed

The 60 patched issues are spread across core Chrome components including WebRTC, V8, WebAudio, Media, WebML, ANGLE, Skia, and Blink. Fourteen of the non-critical bugs were rated high severity. Nearly half of the flaws were found internally by Google, while many others were reported anonymously.

Only a few of the patched bugs have public bounty amounts in the source material. Beyond the two critical WebML findings, Google awarded $11,000 for CVE-2026-5860 and $3,000 for CVE-2026-5861. Another notable issue, CVE-2026-5874, is described as a medium-severity use-after-free bug in PrivateAI and received an $11,000 reward.

One detail from outside Google’s own advisory path adds to the urgency. Ubuntu separately tracked CVE-2026-5875 as a Blink policy-bypass and UI spoofing issue that was fixed in Chrome 147. Even when a single bug is not rated critical, policy-bypass and spoofing flaws can matter operationally because they can help attackers make a malicious page look trustworthy enough to win a click, a login, or a permission grant.

A concrete enterprise example

Consider a support team that works entirely in Chrome and uses a browser-based CRM, an internal knowledge tool, and a web chat console. If an attacker can combine a browser bug with convincing UI spoofing behavior, the employee may never see a classic malware prompt or suspicious file download. The attack surface is the tab itself. A fake sign-in window, a misleading permissions request, or a crafted page that exploits a rendering or memory flaw can do the job quietly.

That is why updates like Chrome 147 are not just for endpoint administrators. They affect identity teams, SaaS security teams, help desk workflows, and anyone responsible for managed browsers. The browser has become too central to treat as a neutral transport layer.

Context from recent Chrome patches

This release also arrives shortly after another meaningful Chrome security update. In late March, Google patched 21 vulnerabilities, including a zero-day that had been exploited in malicious attacks. The source material does not connect that earlier zero-day to Chrome 147, and there is no indication that the new flaws are under active exploitation. Still, the cadence matters. Attackers do not need every browser bug to be a zero-day. They benefit whenever organizations lag behind public patches, especially in software deployed almost everywhere.

Google also announced new session cookie protections in Chrome this week to reduce the risk of account compromise through stolen authentication cookies. That is separate from the Chrome 147 vulnerability count, but strategically related. Browser security is no longer just about memory corruption and renderer bugs. It now includes the protection of sessions, credentials, and application trust states that sit at the center of modern work.

What security teams should take from this

The obvious step is to update Chrome to the 147.x release as quickly as change-control allows. The less obvious takeaway is that the risk profile of the browser keeps widening. Features tied to AI execution, media handling, rendering, real-time communication, and identity protections all now live in one place. That makes the browser both more capable and more operationally sensitive.

  • For enterprises: browser patch latency is still one of the simplest measurable exposures to reduce.
  • For smaller businesses: automatic updates deserve the same seriousness as endpoint protection because the browser is often the primary business application shell.
  • For users: a prompt browser restart after an update is not a minor hygiene step when dozens of vulnerabilities were just fixed.
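One way to turn the first and third points into a number, as an added example that is not part of the original post: the script below reads an endpoint inventory and separates hosts that still lack Chrome 147 from hosts that have it on disk but are still running an older process. The CSV column names, host names and version strings are constructed for illustration, and the check compares the major version only.

```python
import csv
import io
from collections import Counter

PATCHED_MAJOR = 147  # release that carries the fixes discussed in this article

# Constructed inventory rows. Column names and version strings are assumptions.
SAMPLE_INVENTORY = """host,team,installed_version,running_version
sup-01,support,147.0.0.1,147.0.0.1
sup-02,support,147.0.0.1,146.0.0.9
fin-01,finance,146.0.0.9,146.0.0.9
eng-01,engineering,147.0.0.2,
hr-01,hr,unknown,146.0.0.9
"""

def major(version):
    """Major version as int, or None when the field is empty or not dotted-numeric."""
    parts = (version or "").strip().split(".")
    return int(parts[0]) if all(p.isdigit() for p in parts) else None

def classify(row):
    installed = major(row.get("installed_version"))
    running = major(row.get("running_version"))
    if installed is None and running is None:
        return "unknown"
    if running is not None and running < PATCHED_MAJOR:
        # An old process is live. If the fix is already on disk, only a relaunch is missing.
        return "restart_pending" if (installed or 0) >= PATCHED_MAJOR else "unpatched"
    if installed is not None and installed < PATCHED_MAJOR:
        return "unpatched"
    return "patched"

def fleet_report(csv_text):
    by_status, exposed_by_team, action = Counter(), Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row)
        by_status[status] += 1
        if status != "patched":
            exposed_by_team[row["team"]] += 1
            action.append((row["host"], status))
    total = sum(by_status.values())
    return {
        "coverage": by_status["patched"] / total if total else 0.0,
        "by_status": dict(by_status),
        "exposed_by_team": dict(exposed_by_team),
        "action": action,
    }

if __name__ == "__main__":
    report = fleet_report(SAMPLE_INVENTORY)
    print(f"Chrome {PATCHED_MAJOR}+ coverage: {report['coverage']:.0%}")
    for host, status in report["action"]:
        print(f"  {host}: {status}")
```

Hosts reported as restart_pending need a relaunch prompt rather than a new deployment, which is why they are counted separately from unpatched ones.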

What to watch next

The immediate thing to watch is how quickly Chrome 147 propagates through managed environments. Security teams should also pay attention to whether follow-on research emerges around WebML or related in-browser AI features. When researchers are finding high-value bugs in newer browser components, that is often an early sign that defenders need better visibility into how those components are used and exposed.

Chrome 147 is, on its face, a patch release. In practice, it is another reminder that the browser is now one of the densest concentrations of security risk in the enterprise stack. Sixty fixes in a first stable release is enough reason to patch. The fact that two critical bugs sit in a machine-learning component makes the release more interesting than a routine version bump and harder to dismiss as background maintenance.