Google Chrome 144 Patches High-Severity V8 Race Condition (CVE-2026-1220)

Google has released a security update for Chrome addressing a high-severity vulnerability in the V8 JavaScript engine that powers the browser.

The flaw, tracked as CVE-2026-1220, is a race condition in V8—the component responsible for executing JavaScript code. Race conditions occur when the timing of operations can be exploited to cause unexpected behavior, potentially allowing attackers to corrupt memory or execute arbitrary code.

Affected Versions

The update rolls out the following versions:

• Windows/Mac: 144.0.7559.96/.97
• Linux: 144.0.7559.96

The patches will distribute automatically over the coming days, though users can manually trigger an update by navigating to Settings → About Chrome.

Discovery

The vulnerability was reported by external security researcher @p1nky4745 on January 7, 2026. Google has not disclosed the bug bounty amount, listing it as "TBD."

As is standard practice, Google is restricting access to technical details until a majority of users have updated, preventing exploitation in the wild.

Why It Matters

V8 vulnerabilities are particularly dangerous because JavaScript executes automatically when visiting websites. A weaponized exploit could potentially achieve code execution simply by luring a victim to a malicious page—no user interaction required beyond visiting the site.

Chrome's massive market share (approximately 65% of desktop browsers) makes any high-severity vulnerability a prime target for attackers.

Recommendation

Update Chrome immediately. Verify your version by clicking the three-dot menu → Help → About Google Chrome. The browser will automatically check for and install available updates.