# Update Chrome Now: Critical Vulnerabilities Allow Remote Code Execution

> Google released an urgent Chrome security update patching 16 vulnerabilities, including two critical flaws (CVE-2026-9111, CVE-2026-9110) that could allow remote code execution and UI spoofing attacks.

**URL:** https://www.ciptadusa.com/blog/chrome-critical-vulnerabilities-may-2026  
**Type:** blog  
**Author:** PT Cipta Dua Saudara  
**Category:** Application Security  
**Published:** 2026-06-01  

## The Critical Chrome Update

Google has released an urgent security update for Chrome, fixing **16 vulnerabilities** in May 2026 alone, including **two rated critical**.

The updated versions are:
- **148.0.7778.178/179** for Windows and Mac
- **148.0.7778.178** for Linux

## Critical Vulnerabilities Fixed

### CVE-2026-9111 — Use-After-Free in WebRTC (Critical)

This vulnerability allows **remote code execution** through malicious web pages. A use-after-free flaw in WebRTC could allow attackers to compromise the renderer process and execute arbitrary code.

**Affected versions**: Chrome on Linux prior to 148.0.7778.179

**CVSS Score**: Critical (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L)

### CVE-2026-9110 — UI Spoofing (Critical)

This inappropriate implementation flaw in Chrome's UI on Windows could enable attackers to bypass security restrictions and perform UI spoofing via a crafted HTML page. A remote attacker who had already compromised the renderer process could exploit this.

**Affected versions**: Chrome on Windows prior to 148.0.7778.179

## Additional Vulnerabilities

In addition to the two critical issues, Google also patched **nine high-severity flaws** in this update. Earlier in May 2026, Google had already addressed 79 vulnerabilities in a previous significant update, bringing the total to 95 vulnerabilities fixed in May alone.

## Why This Matters

### Browser as Attack Vector

Chrome's dominance (over 65% browser market share) makes it a prime target for attackers. A single malicious webpage can compromise users through these vulnerabilities.

### Remote Code Execution Risk

CVE-2026-9111 is particularly dangerous because it allows code execution simply by visiting a webpage. Users do not need to download anything or grant permissions.

## What Users Should Do

### Immediate Actions

1. **Update Chrome now** — Click the three-dot menu → Help → About Google Chrome → Chrome will check for updates and install version 148.0.7778.179 or later
2. **Restart Chrome** after updating to ensure the patch takes full effect
3. **Enable automatic updates** to avoid future delays

### For Enterprise Administrators

Organizations should:
- Deploy the update via policy management tools
- Ensure all endpoints are running the patched version
- Consider blocking access to untrusted websites
- Monitor for unusual Chrome processes that might indicate exploitation
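
To check that all endpoints are running the patched version, compare the four-part Chrome build numbers numerically, not as strings. The following is an added example, not code from Google or from this article's author. The inventory format, hostnames and function names are assumptions, and the minimum builds are taken from the version list above (the lower of 178/179 where both are given).

```python
import csv
import io

# Minimum patched builds, taken from this article's "updated versions" list
# (lower of 178/179 where both are listed). Assumption: confirm against the
# Chrome Releases notes before enforcing.
MIN_PATCHED = {
    "windows": "148.0.7778.178",
    "mac": "148.0.7778.178",
    "linux": "148.0.7778.178",
}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,os,chrome_version
ws-001,windows,148.0.7778.179
ws-002,windows,148.0.7778.97
mb-010,mac,147.0.7727.200
lx-020,linux,148.0.7778.178
lx-021,linux,149.0.7800.12
ws-003,windows,unknown
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not MAJOR.MINOR.BUILD.PATCH."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit(inventory_csv, minimums=MIN_PATCHED):
    """Classify each endpoint as 'patched', 'outdated' or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        installed = parse_version(row["chrome_version"])
        required = parse_version(minimums.get(row["os"].lower(), ""))
        if installed is None or required is None:
            # Unparseable version or unlisted OS: never assume it is safe.
            results[row["host"]] = "review"
        elif installed >= required:  # numeric, component-wise comparison
            results[row["host"]] = "patched"
        else:
            results[row["host"]] = "outdated"
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Host `ws-002` shows why the comparison must be numeric: a plain string comparison would rank build `.97` above `.178` and report the endpoint as patched.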

## Broader Context: Browser Security in 2026

This update comes amid a busy period for browser security:

- **Microsoft May 2026 Patch Tuesday**: Addressed 120 vulnerabilities across Windows, Office, Azure, and Microsoft 365
- **Firefox** has also issued multiple security updates in 2026
- **CISA** has added several browser vulnerabilities to the Known Exploited Vulnerabilities catalog

The trend reflects attackers increasingly targeting client-side vulnerabilities as network perimeter defenses improve.

## Sources

- NVD - CVE-2026-9110: https://nvd.nist.gov/vuln/detail/CVE-2026-9110
- Chrome Releases Blog (May 2026): https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html
- Chromium Issues: https://issues.chromium.org/issues/503551154
- DCD-IT Cybersecurity Digest (May 2026): https://dcd-it.com/blogs/news/may-2026-cybersecurity-news-digest

