Google Releases Critical Chrome Update to Patch High-Severity Vulnerabilities
Google has issued an urgent security update for its Chrome browser, addressing multiple vulnerabilities, including two high-severity flaws that could allow attackers to execute arbitrary code or cause browser instability. The update is being rolled out globally and is available as versions 145.0.7632.109/110 for Windows and Mac, and 144.0.7559.109 for Linux.
Vulnerability Details and Analysis
The update addresses three specific security issues:
1. CVE-2026-2648: A high-severity heap buffer overflow in PDFium, Chrome’s default PDF rendering engine. This vulnerability was reported by security researcher Soiax. Heap buffer overflows can lead to crashes or allow attackers to execute arbitrary code on the affected system.
2. CVE-2026-2649: A high-severity integer overflow in the V8 JavaScript engine, discovered by JunYoung Park (@candymate) of the KAIST Hacking Lab. Integer overflows can be exploited to bypass security checks or corrupt memory, potentially leading to arbitrary code execution.
3. CVE-2026-2650: A medium-severity heap buffer overflow in the Media component, found internally by Google’s security team. While rated as medium severity, this vulnerability could still be exploited to cause crashes or other unintended behavior.
In line with its security disclosure policy, Google has restricted access to detailed information about these vulnerabilities to prevent exploitation before users have had a chance to update their browsers.
How to Update Chrome
To ensure your browser is protected, follow these steps to update Chrome:
1. Open Chrome and click on the three-dot menu in the top-right corner.
2. Navigate to Help and select About Google Chrome.
3. Chrome will automatically check for updates and download the latest version.
4. Once the update is downloaded, click Relaunch to complete the installation.
Applying this update promptly is crucial to protect your system from potential exploits targeting these vulnerabilities.
