Skip to main content
Glen H 5565
Glen H 5565
New Member
April 29, 2026
Question

LTS channel for ChromeOS - Major update 144

  • April 29, 2026
  • 2 replies
  • 99 views

With regards to the LTS channel for ChromeOS and the most recent major update 144 - does it patch cve-2026-5281 (most recent zero day exploit)

2 replies

Lynda
LyndaCommunity Manager
Community Manager
April 29, 2026

Hi ​@Glen H 5565 

 

No, the latest LTS channel is not currently patched for cve-2026-5281 (see here).

 

To remediate this, you have two primary options:

  1. Switch to the Stable Channel: Move critical devices to the Stable channel, which is currently on version 146 or higher.

  2. Wait for an LTS "Backport": Keep an eye on the Chrome Releases Blog for an "LTS Channel Update" specifically mentioning CVE-2026-5281.

 

Hope this helps,

 

Lynda

    carolmerisio
    carolmerisio
    New Member
    May 21, 2026

    My recommendation: if CVE-2026-5281 is an active zero-day and the LTS 144 release note doesn't clearly mention the fix, treat devices as potentially still vulnerable until you confirm the patched version in the official Google/Chrome Releases bulletin.

    The rule of thumb is this:

    Only consider CVE-2026-5281 fixed on LTS 144 channel if the official update notes mention one of these things:

    1. CVE-2026-5281 explicitly , or
    2. That the update includes the Chrome/Chromium security patches starting from the version in which this CVE was fixed, or
    3. The LTS 144 channel has been updated to a build equal to or higher than the patched version of ChromeOS/Chrome.

    Important: ChromeOS LTS/LTC channel typically receives updates in a more controlled and delayed manner compared to the Stable channel. Therefore, it's not possible to automatically assume that the most recent zero-day exploit has already been fixed just because a "144 main update" has been released.

    To verify this information safely, look for the following in the official update notes:

    CVE- 2026-5281

    or by terms such as:

    Security fixesChrome security updateZero-dayExploited in the wildLong-term support channelLTS 144


      * Translated by the Community Management team - original content below:

    ----

    Minha recomendação: se a CVE-2026-5281 é uma zero-day ativa e a nota do LTS 144 não menciona claramente a correção, trate os dispositivos como potencialmente ainda vulneráveis até confirmar a versão corrigida no boletim oficial do Google/Chrome Releases.

    A regra prática é esta:

    Só considere a CVE-2026-5281 corrigida no canal LTS 144 se a nota oficial da atualização mencionar uma destas coisas:

    1. A CVE-2026-5281 explicitamente, ou
    2. Que a atualização inclui os patches de segurança do Chrome/Chromium a partir da versão em que essa CVE foi corrigida, ou
    3. Que o canal LTS 144 foi atualizado para uma build igual ou superior à versão corrigida do ChromeOS/Chrome.

    Importante: o canal LTS/LTC do ChromeOS costuma receber atualizações mais controladas e atrasadas em relação ao canal Stable. Então, não dá para presumir automaticamente que a exploração de dia zero mais recente já foi corrigida só porque saiu uma “atualização principal 144”.

    Para verificar com segurança, procure na nota oficial da atualização por:

    CVE-2026-5281

    ou por termos como:

    Security fixes
    Chrome security update
    Zero-day
    Exploited in the wild
    Long-term support channel
    LTS 144

     

    Terms & ConditionsAccessibility statement