Google has announced a significant update for its Chrome browser, releasing version 145 for Windows, Mac, and Linux. This update addresses 11 security vulnerabilities, including several that could potentially allow attackers to execute harmful code on user machines.
High-Severity Vulnerabilities Patched
The latest update, which is set to be widely available in the coming weeks, focuses on several high-severity issues that require immediate user attention. Among these is the most critical flaw, identified as CVE-2026-2313, a use-after-free vulnerability in Chrome’s CSS component. This flaw was reported by researchers from HexHive and the University of St. Andrews in December 2025, earning them an $8,000 bounty for their discovery.
In addition to CVE-2026-2313, Google has also addressed two other high-severity vulnerabilities: CVE-2026-2314, a heap buffer overflow within the Codecs, and CVE-2026-2315, an inappropriate implementation within WebGPU. Both of these issues were discovered internally by Google’s security team and could be exploited to execute arbitrary code.
Medium and Low-Severity Issues Resolved
The update also includes fixes for seven medium-severity vulnerabilities. These include issues such as insufficient policy enforcement in frames, race conditions within DevTools, and inappropriate implementations in various components like Animation, PictureInPicture, and File input. These vulnerabilities could potentially allow attackers to bypass security measures or alter browser behavior.
Additionally, two low-severity vulnerabilities in File input and Downloads have been patched. While these pose less risk, addressing them is part of Google’s ongoing efforts to ensure comprehensive browser security.
Google’s Commitment to Security
Google has awarded over $18,500 in bounties to security researchers who disclosed these vulnerabilities responsibly. The highest rewards were given to those who identified critical issues before they could be exploited in real-world scenarios.
Users are strongly encouraged to update their Chrome browsers immediately to version 145.0.7632.45 for Linux or 145.0.7632.45/46 for Windows and Mac. While Chrome typically updates automatically, users can manually verify the update by navigating to the “About Chrome” section in the settings menu.
Google continues to utilize advanced detection tools such as AddressSanitizer, MemorySanitizer, and libFuzzer during the development phase. These tools play a crucial role in identifying vulnerabilities, thus preventing many potential security issues from affecting end users.
Stay informed on the latest cybersecurity news by following us on Google News, LinkedIn, and X, or contact us to feature your own security stories.
