ChromeOSphere

Stable Channel Update for ChromeOS / ChromeOS Flex

By

Chrome Releases

The ChromeOS Stable channel is being updated to OS version 16503.60.0 (Browser version 144.0.7559.108) for most ChromeOS devices.

If you find new issues, please let us know one of the following ways:
  1. File a bug

  2. Visit our ChromeOS communities

    1. General: Chromebook Help Community

    2. Beta Specific: ChromeOS Beta Help Community

  3. Report an issue or send feedback on Chrome

  4. Interested in switching channels? Find out how.

Alon Bajayo

Google ChromeOS


ChromeOS Vulnerability Rewards Program Reported Bug Fixes:

N/A

Other 3rd Party Security Fixes Included:

  • Medium Fixes CVE-2025-6349 Mali GPU Kernel Driver allows improper GPU memory processing operations
  • Low Fixes CVE-2024-58093 Use After Free vulnerability in Linux kernel PCI/ASPM link state handling
  • High Fixes CVE-2025-6349 Use After Free vulnerability in Mali GPU CSF queue handling.
  • Low Fixes CVE-2024-58093 Use After Free vulnerability in Linux kernel PCI/ASPM link state handling.
  • Medium Fixes CVE-2025-21871 System Hang (Denial of Service) vulnerability in OP-TEE RPC processing.
  • Low Fixes CVE-2025-21992 System Hang (Denial of Service) vulnerability in the HID Sensor Hub via the HP 5MP Camera interface.CVE-2023-53865
  • Low Fixes CVE-2025-21765 information Leak (Race Condition) vulnerability in the Linux IPv6 stack.
  • Low Fixes CVE-2025-21781 Memory Safety (Crash) vulnerability in the Batman-adv networking module
  • Low Fixes CVE-2024-58051 Memory Safety (NULL pointer dereference) vulnerability in the IPMI/IPMB driver.
  • Low Fixes CVE-2025-21823 Potential invalid memory access (UAF) vulnerability in the Batman-adv networking module.
  • Low Fixes CVE-2024-58014 Out-of-bounds Access vulnerability in the Broadcom Wi-Fi driver (brcmsmac).
  • Low Fixes CVE-2024-58009 Memory Safety (NULL pointer dereference) vulnerability in the Bluetooth L2CAP layer.
  • Low Fixes CVE-2023-53731 Kernel Deadlock (IRQ lock inversion) vulnerability in the Netlink interface.
  • Low Fixes CVE-2023-53725 Memory Leak vulnerability in the Cadence TTC clocksource driver.
  • Low Fixes CVE-2024-58093 Use After Free vulnerability in Linux kernel PCI/ASPM link state handling.
  • Medium Fixes CVE-2024-36342 Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.
  • High Fixes CVE-2024-36325 Arbitrary writes to SOC registers via AMDGPU VCN JPEG command processor

Android Security fixes can be found here

Chrome Browser Security Fixes:

  • [$4000.0] [469143679] Medium CVE-2026-0902 inappropriate implementation in V8. Reported by 303f06e3 on 2025-12-16
  • [$TBD] [465730465] High CVE-2026-0900 Inappropriate implementation in V8. Reported by Google on 2025-12-03
  • [$TBD] [465466773] Medium CVE-2026-0905 Insufficient policy enforcement in Network. Reported by Google on 2025-12-02
  • [$8000.0] [458914193] High CVE-2026-0899 Out of bounds memory access in V8. Reported by @p1nky4745 on 2025-11-08
  • [$TBD] [452209503] Low CVE-2026-0908 Use after free in ANGLE. Reported by Glitchers BoB 14th. on 2025-10-15
  • [$1000.0] [452209495] Medium CVE-2026-0904 Incorrect security UI in Digital Credentials. Reported by Hafiizh on 2025-10-15
  • [$500.0] [444653104] Low CVE-2026-0907 Incorrect security UI in Split View. Reported by Hafiizh on 2025-09-12


Posted in:

Tagged with: