Google has rolled out Chrome 145, bringing essential security fixes for 11 identified vulnerabilities, three of which are classified as high-severity. This update highlights Google’s ongoing commitment to browser security.
High-Severity Vulnerability Fixes
The most critical of these issues, CVE-2026-2313, is a use-after-free flaw in CSS, for which researchers who reported it were rewarded $8,000. The other two high-severity vulnerabilities, CVE-2026-2314 and CVE-2026-2315, involve a heap buffer overflow in Codecs and an inappropriate implementation in WebGPU, respectively. These were identified internally by Google.
Medium-Severity Issues Addressed
Among the medium-severity vulnerabilities, CVE-2026-2316, related to insufficient policy enforcement in Frames, was deemed the most severe, with a $5,000 bounty awarded. Another notable flaw, CVE-2026-2317, involves an inappropriate implementation in Animation, which earned a $2,000 reward. Additionally, two medium-severity issues in PictureInPicture and File input were resolved, with a $1,000 payout for the former.
Other medium-severity vulnerabilities included a race condition in DevTools and a use-after-free issue in Ozone. These vulnerabilities were addressed without disclosed bounty amounts.
Low-Severity Bugs and Bounty Rewards
The update also tackled two low-severity inappropriate implementation bugs affecting File Input and Downloads. In total, Google distributed over $18,000 in bug bounties to the researchers who identified these vulnerabilities.
The latest Chrome version 145.0.7632.45 is now available for Linux, with versions 145.0.7632.45/46 for Windows and macOS. Users are strongly advised to install these updates to safeguard their systems, as no active exploitation of these vulnerabilities has been reported.
For further reading, explore related content on recent security updates across various platforms, including Chrome, Firefox, and Apple’s iOS.
