Google Releases Chrome 145 to Patch Critical Security Vulnerabilities
Google has rolled out Chrome version 145 to the stable channel for Windows, Mac, and Linux users, addressing 11 security vulnerabilities that could allow attackers to execute malicious code on user systems. The update is being distributed over the coming weeks and includes several high-severity fixes that require immediate attention.
High-Severity Vulnerabilities Patched
The most severe flaw addressed in this update is CVE-2026-2313, a high-severity use-after-free vulnerability in the CSS component that could enable attackers to execute arbitrary code. Researchers from HexHive and the University of St. Andrews identified this issue in December 2025 and were awarded an $8,000 bounty for their discovery.
In addition to CVE-2026-2313, two other high-severity vulnerabilities have been patched:
– CVE-2026-2314: A heap buffer overflow in the Codecs component.
– CVE-2026-2315: An inappropriate implementation in the WebGPU component.
Both vulnerabilities were discovered by Google’s internal security team and could be exploited to execute arbitrary code.
Medium-Severity Vulnerabilities Addressed
The update also resolves seven medium-severity vulnerabilities, including:
– CVE-2026-2316: Insufficient policy enforcement in Frames, reported by an external researcher who received a $5,000 bounty.
– CVE-2026-2317: Inappropriate implementation in Animation, with a $2,000 bounty awarded.
– CVE-2026-2318: Inappropriate implementation in PictureInPicture, earning a $1,000 bounty.
– CVE-2026-2319: Race condition in DevTools, also awarded a $1,000 bounty.
– CVE-2026-2320: Inappropriate implementation in File input, with the bounty to be determined.
– CVE-2026-2321: Use-after-free vulnerability in Ozone, discovered internally by Google.
These issues could allow attackers to bypass security restrictions or manipulate browser behavior.
Low-Severity Vulnerabilities Fixed
Two low-severity vulnerabilities were also patched:
– CVE-2026-2322: Inappropriate implementation in File input, with a $1,000 bounty awarded.
– CVE-2026-2323: Inappropriate implementation in Downloads, earning a $500 bounty.
While these pose less immediate risk, addressing them contributes to overall browser security.
User Action Required
Users are strongly advised to update Chrome immediately to version 145.0.7632.45 for Linux or 145.0.7632.45/46 for Windows and Mac. Although Chrome typically updates automatically, users can manually check for updates by navigating to the Chrome settings menu and selecting “About Chrome.”
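
For administrators checking more than one machine, the following added example (not from Google or the original article) classifies collected `google-chrome --version` output against the fixed build named above. The hostnames and sample version strings are constructed, and the function names are illustrative.

```python
import re

# Fixed builds named in the article; 145.0.7632.45 is the lowest patched
# build on every platform (Windows and Mac also ship .46).
FIXED_BUILD = (145, 0, 7632, 45)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return 'patched', 'outdated' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Compare as integer tuples: as strings, "145.0.7632.100" would sort
    # below "145.0.7632.45" and "99.0.4844.51" above it.
    return "patched" if version >= FIXED_BUILD else "outdated"


def audit(inventory):
    """Map each status to the sorted hosts in that state."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, version_text in inventory.items():
        report[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = {
    "linux-build-01": "Google Chrome 145.0.7632.45",
    "win-desk-07": "Google Chrome 145.0.7632.46",
    "mac-lap-03": "Google Chrome 144.0.7559.110",
    "linux-kiosk-02": "Google Chrome 99.0.4844.51",
    "win-desk-11": "Google Chrome 145.0.7632.100",
    "mac-lap-09": "command not found",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" returned no parseable version and need a manual check rather than being assumed patched.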
Google’s Ongoing Security Efforts
Google continues to employ advanced detection tools such as AddressSanitizer, MemorySanitizer, and libFuzzer to identify vulnerabilities during development, preventing many security issues from reaching end users. The company also rewards external researchers through its Vulnerability Reward Program, with bounties totaling over $18,500 awarded for the vulnerabilities addressed in this update.
Conclusion
This latest Chrome update underscores the importance of regular software updates to maintain security. By promptly addressing these vulnerabilities, Google aims to protect users from potential exploits that could compromise their systems.