Chrome Patched High-Risk Vulnerability Due to Background Downloads

29.01.2026 2 minutes Author: Newsman

Google has issued an emergency Chrome browser update to address a high-risk vulnerability affecting the Background Fetch API. The Background Fetch API allows websites to start background downloads of large files that continue even when the tab or window is closed. The vulnerability could allow background downloads to be abused in ways that put users' security and privacy at risk. Users are advised to upgrade their Chrome browser immediately.

This vulnerability (CVE-2026-1504) resulted from an incorrect implementation of the Background Fetch API, a feature that provides seamless downloading of files (e.g., videos, installers) in the background, even after the tab or browser window has been closed. Because of this error, a malicious site could potentially circumvent security constraints, mismanage permissions, or improperly request and execute dangerous background actions with little or no knowledge of the user.

  • Luan Herrera, a security researcher, reported the issue on January 9, 2026, and received a $3000 reward via Google’s Vulnerability Reward Program. To address this issue, Google has updated Chrome to version 144.0.7559.109/.110 on Windows and Mac OS X, and 144.0.7559.109 on Linux.

Google has temporarily restricted disclosure of additional technical details about the vulnerability to protect against reverse engineering of the patch and its subsequent use against unpatched versions of Chrome.

  • The Background Fetch API was created to enhance the user experience by providing continuous file downloads (videos, installers, etc.). Since these processes occur “behind-the-scenes,” however, the improper implementation of this feature could result in serious security implications.

While Google is unaware of any current exploits of this vulnerability, the high risk level indicates that potential consequences are significant enough to warrant immediate action. Therefore, it is highly recommended that users update their Chrome browser as soon as possible, and organizations should also take prompt action to ensure all managed systems are properly updated.
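For organizations checking managed systems against the fixed builds named above, the following is an added example (not from Google or the original article) that audits a software inventory export. The CSV column names and host names are assumptions, and the sample rows are constructed.

```python
# Added example: flag Chrome installs older than the fixed builds in the article.
import csv
import io

# Minimum fixed build per platform, taken from the article.
FIXED = {
    "windows": (144, 0, 7559, 109),
    "mac": (144, 0, 7559, 109),
    "linux": (144, 0, 7559, 109),
}

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def status(platform, version_text):
    """Classify one install as 'patched', 'vulnerable' or 'unknown'."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unparseable data needs manual follow-up, not a pass
    # Tuples compare numerically per component, so build .99 sorts below .109
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory_csv):
    """Return (host, status) for every row that is not confirmed patched."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result = status(row["platform"], row["chrome_version"])
        if result != "patched":
            findings.append((row["host"], result))
    return findings

# Constructed sample inventory (hypothetical hosts, columns and old versions).
SAMPLE = """host,platform,chrome_version
ws-001,windows,144.0.7559.110
ws-002,windows,144.0.7559.99
mac-007,mac,143.0.7000.1
lnx-003,linux,144.0.7559.109
lnx-004,linux,
"""

if __name__ == "__main__":
    for host, result in audit(SAMPLE):
        print(f"{host}: {result}")
```

Rows reported as `unknown` have a missing or malformed version and should be checked by hand rather than treated as patched.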
