HomeIntelligenceBrief
BREACH BRIEF🟠 High Advisory

Critical Chrome Vulnerabilities Enable Remote Code Execution – Immediate Patch Required

LiveThreat™ Intelligence · 📅 May 22, 2026· 📰 malwarebytes.com
🟠
Severity
High
AD
Type
Advisory
🎯
Confidence
HIGH
🏢
Affected
7 sector(s)
Actions
4 recommended
📰
Source
malwarebytes.com

Critical Chrome Vulnerabilities Enable Remote Code Execution – Immediate Patch Required

What Happened

Google released Chrome 148.0.7778.178/179 updates that remediate two critical, high‑severity CVEs (CVE‑2026‑9111 and CVE‑2026‑9110). Both flaws allow a remote attacker to execute arbitrary code or spoof UI elements simply by delivering a crafted HTML page to a victim’s browser. The patches are rolling out to Windows, macOS, and Linux, but manual updates may be needed to close the window quickly.

Why It Matters for TPRM

  • Chrome is the default browser for most enterprise workstations; unpatched versions expose the entire organization to drive‑by RCE attacks.
  • UI‑spoofing can harvest credentials from users who believe they are interacting with trusted sites, jeopardizing downstream SaaS and cloud services.
  • Vendor‑managed devices (e.g., BYOD, MSP‑controlled endpoints) may lag behind automatic roll‑out, creating uneven risk across the supply chain.

Who Is Affected

  • All industries relying on Chrome for web access (finance, healthcare, retail, manufacturing, etc.)
  • SaaS providers and cloud platforms whose users access admin consoles via Chrome
  • MSPs and IT service vendors that provision or manage end‑user devices

Recommended Actions

  • Verify that all corporate Chrome installations are on version 148.0.7778.178/179 or later.
  • Enforce automatic browser updates via group policy or endpoint‑management tools.
  • Conduct a short‑term scan for indicators of exploitation (e.g., anomalous UI dialogs, unexpected processes).
  • Request confirmation from any third‑party vendors that manage employee workstations that the patch has been applied.

Technical Notes

  • Attack vector: Remote code execution via malicious HTML pages (WebRTC use‑after‑free on Linux) and UI spoofing after renderer compromise on Windows.
  • CVEs: CVE‑2026‑9111 (use‑after‑free in WebRTC, Linux), CVE‑2026‑9110 (UI spoofing on Windows).
  • Data types exposed: Potential credential capture, session tokens, and any data entered into spoofed dialogs.

Source: Malwarebytes Labs – Update Chrome now: Critical bugs could let attackers run code

📰 Original Source
https://www.malwarebytes.com/blog/bugs/2026/05/update-chrome-now-critical-bugs-could-let-attackers-run-code

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →