Google has announced the release of Chrome version 146, introducing essential security updates for users across Windows, Mac, and Linux platforms. This update addresses 29 critical vulnerabilities, underlining the importance of maintaining browser security.
Patch Details and Major Vulnerabilities
The new Chrome releases, 146.0.7680.71 for Linux and 146.0.7680.71/72 for Windows and Mac, are set to roll out in the coming days. Among the addressed vulnerabilities, several could permit remote attackers to execute arbitrary code, compromise system integrity, or facilitate denial-of-service attacks.
One of the most critical issues resolved is CVE-2026-3913, a heap buffer overflow in the WebML component. Discovered by security researcher Tobias Wienand, this flaw was awarded a $33,000 bug bounty. Such overflows occur when a program writes more data into a heap-allocated buffer than the buffer can hold, corrupting adjacent memory and potentially allowing malicious actors to execute remote code by directing users to specially crafted web pages.
High-Severity Flaws and Fixes
In addition to the critical flaw, 11 high-severity vulnerabilities were patched. The WebML API was notably targeted, with two high-severity vulnerabilities (CVE-2026-3914 and CVE-2026-3915) earning $43,000 each in rewards. Other significant patches addressed out-of-bounds read and use-after-free (UAF) vulnerabilities, which attackers often exploit to bypass browser security measures.
Key high-severity corrections include:
- CVE-2026-3916: Out-of-bounds read in Web Speech component.
- CVE-2026-3917 & CVE-2026-3918: Use-after-free issues in Agents and WebMCP components.
- CVE-2026-3919: Use-after-free bug in Chrome Extensions.
- CVE-2026-3921 to CVE-2026-3924: Multiple UAF bugs affecting TextEncoding, MediaStream, WebMIDI, and WindowDialog.
Additional Vulnerabilities and Security Measures
The update also mitigates several medium- and low-severity issues, including incorrect security UI implementations and insufficient policy enforcement in various components. Google has awarded over $150,000 in bug bounties to researchers who identified these vulnerabilities.
To prevent exploitation, Google restricts access to specific bug details until a majority of users have updated their browsers. This strategy helps safeguard against attacks that might exploit newly disclosed vulnerabilities.
Keeping your browser up to date is vital for security. Users can update Google Chrome by opening the three-dot menu, selecting “Help,” and clicking “About Google Chrome.” The browser will then check for updates and automatically install version 146. A restart is necessary to activate the new security measures.
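For administrators checking many machines rather than one, the sketch below is an added example (not code from Google or from the original article) that classifies collected version strings against the 146.0.7680.71 build named above. It assumes a hypothetical inventory of `host<TAB>version output` lines, such as the text printed by `google-chrome --version`; the hostnames and sample versions are constructed.

```python
import re

# Minimum patched build named in the article (Linux, Windows and Mac all start at .71).
PATCHED = (146, 0, 7680, 71)

# Exactly four dot-separated numeric components, as printed by `google-chrome --version`.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the version as a tuple of ints, or None if no version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, baseline=PATCHED):
    """Return 'patched', 'outdated' or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so .9 < .71
    # (a plain string comparison would rank them the other way).
    return "patched" if version >= baseline else "outdated"


def audit(inventory):
    """Group hosts by status. inventory: iterable of 'host<TAB>version output' lines."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for line in inventory:
        host, _, version_text = line.partition("\t")
        report[classify(version_text)].append(host.strip())
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and collected strings are made up).
SAMPLE = [
    "ws-001\tGoogle Chrome 146.0.7680.71 ",
    "ws-002\tGoogle Chrome 145.0.7000.10 ",
    "mac-07\tGoogle Chrome 146.0.7680.72",
    "lin-12\tGoogle Chrome 146.0.7680.9",
    "ws-044\t",  # collection failed: no version reported
    "kiosk-3\tGoogle Chrome 147.0.7700.2 beta",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need follow-up rather than being counted as compliant, since a missing version string says nothing about the installed build.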
