Google Urgently Releases Chrome Update to Patch 10 Security Flaws, Three Rated Critical
In a decisive move to bolster user security, Google has rolled out a critical update for its Chrome browser, elevating the Stable channel to version 145.0.7632.159/160 for Windows and Mac users, and version 145.0.7632.159 for Linux users. This update addresses ten security vulnerabilities, three of which are classified as Critical. The deployment is scheduled to reach users over the coming days and weeks.
Overview of Critical Vulnerabilities
Among the ten vulnerabilities patched, three have been identified as Critical:
1. CVE-2026-3536: An integer overflow in Chrome’s ANGLE graphics layer, reported by researcher cinzinga on February 18, 2026. This flaw earned a bug bounty of $33,000.
2. CVE-2026-3537: An object lifecycle issue in PowerVR, reported by Zhihua Yao of KunLun Lab on January 8, 2026, with a reward of $32,000.
3. CVE-2026-3538: Another integer overflow, this time in the Skia graphics engine, reported by Symeon Paraschoudis on February 17, 2026.
Details of High-Severity Vulnerabilities
The remaining seven vulnerabilities are rated as High severity and span various components of Chrome:
– CVE-2026-3539: An object lifecycle issue in DevTools, reported by Zhenpeng (Leo) Lin of depthfirst.
– CVE-2026-3540: An inappropriate implementation in WebAudio, reported by Davi Antônio Cruz.
– CVE-2026-3541: An inappropriate implementation in CSS, reported by Syn4pse.
– CVE-2026-3542: An inappropriate implementation in WebAssembly, reported by qymag1c.
– CVE-2026-3543: An inappropriate implementation in V8, also reported by qymag1c.
– CVE-2026-3544: A heap buffer overflow in WebCodecs, reported by an anonymous researcher.
– CVE-2026-3545: Insufficient data validation in Navigation, identified by Google’s internal security team.
Implications and Recommendations
The diversity of affected components, including graphics rendering (ANGLE, Skia, PowerVR), JavaScript execution (V8), multimedia processing (WebAudio, WebCodecs), and web standards (CSS, WebAssembly), underscores the extensive attack surface present in modern browsers. Vulnerabilities such as integer overflows and heap buffer overflows are particularly concerning, as they can be exploited to achieve remote code execution or bypass security sandboxes.
Google has not reported any active exploitation of these vulnerabilities at this time. However, given the Critical severity ratings, it is imperative for all Chrome users to update their browsers promptly.
How to Update Chrome
To ensure your browser is up to date:
1. Open Chrome.
2. Click on the three-dot menu in the upper-right corner.
3. Navigate to Help and select About Google Chrome.
4. Chrome will automatically check for updates and install them if available.
5. Restart the browser to complete the update process.
Enterprise administrators are advised to expedite the deployment of this update across all managed endpoints to mitigate potential security risks.
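For administrators verifying the rollout, the following added example (not from Google or the original article) classifies reported Chrome version strings against the patched build 145.0.7632.159 named above. The host names and inventory entries are constructed, and the input format "Google Chrome <version>" is an assumption about how your inventory tool reports versions.

```python
import re

# Minimum patched Stable build named in the article (all platforms).
PATCHED = (145, 0, 7632, 159)

# Four dot-separated numeric fields, e.g. "Google Chrome 145.0.7632.159".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if not found."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, minimum=PATCHED):
    """Return 'patched', 'outdated' or 'unknown' for one reported string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # needs follow-up; never count it as safe
    # Tuple comparison is numeric per field. Comparing the raw strings
    # would wrongly rank "145.0.7632.99" above "145.0.7632.159".
    return "patched" if version >= minimum else "outdated"


def audit(inventory):
    """Map each host to its status; inventory is {host: reported string}."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = {
    "win-001": "Google Chrome 145.0.7632.160",
    "mac-002": "Google Chrome 145.0.7632.159",
    "lin-003": "Google Chrome 145.0.7632.99",
    "lin-004": "Google Chrome 144.0.7000.10",
    "win-005": "",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no parseable version and should be checked manually along with the "outdated" ones.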