This update, version 145.0.7632.159/160 for Windows and macOS and 145.0.7632.159 for Linux, addresses three critical and seven high-severity flaws.
These issues span memory corruption, integer overflows, and implementation errors in core components such as the graphics engines and the V8 JavaScript engine.
Attackers could exploit them for arbitrary code execution, data leaks, or full system compromise, especially via malicious web content.
The patch deploys gradually to minimize disruption, but Google withholds full technical details until most users update.
This aligns with Google's 72-hour disclosure policy to thwart rapid weaponization by threat actors. Many flaws were uncovered with tools like AddressSanitizer (a memory-error detector) and libFuzzer (a fuzzing engine), highlighting proactive defense in Chrome’s development.
Three critical vulnerabilities pose the highest risk, enabling remote code execution without user interaction.
Integer overflows in ANGLE and Skia could trigger heap corruption during graphics rendering, while a PowerVR object lifecycle bug risks use-after-free attacks.
| CVE ID | Severity | Component | Vulnerability Type | Discoverer / Reward |
|---|---|---|---|---|
| CVE-2026-3536 | Critical | ANGLE | Integer overflow | cinzinga ($33,000) |
| CVE-2026-3537 | Critical | PowerVR | Object lifecycle issue | Zhihua Yao ($32,000) |
| CVE-2026-3538 | Critical | Skia | Integer overflow | Symeon Paraschoudis (TBD) |
| CVE-2026-3539 | High | DevTools | Object lifecycle issue | Zhenpeng (Leo) Lin (TBD) |
| CVE-2026-3540 | High | WebAudio | Inappropriate implementation | Davi Antônio Cruz (TBD) |
| CVE-2026-3541 | High | CSS | Inappropriate implementation | Syn4pse (TBD) |
| CVE-2026-3542 | High | WebAssembly | Inappropriate implementation | qymag1c (TBD) |
| CVE-2026-3543 | High | V8 | Inappropriate implementation | qymag1c (TBD) |
| CVE-2026-3544 | High | WebCodecs | Heap buffer overflow | Anonymous (TBD) |
| CVE-2026-3545 | High | Navigation | Insufficient data validation | Google (Internal) |
High-severity issues include heap overflows and validation gaps in WebCodecs and Navigation, potentially aiding phishing or drive-by downloads.
Users should update now: go to Chrome > Help > About Google Chrome, then relaunch to apply the patch. Enterprises must enforce the update via group policies or tools like Microsoft Intune, prioritizing endpoints exposed to untrusted sites.
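To confirm that enforcement actually landed, a fleet inventory can be checked against the fixed builds named above. The following is an added example, not part of the original article or any Google tooling: the CSV layout, hostnames and the older version strings are constructed, and 145.0.7632.159 is taken as the minimum patched build on every platform the article lists.

```python
import csv
import io

# Minimum patched build per platform, from the versions named in the article.
PATCHED = {
    "windows": (145, 0, 7632, 159),
    "macos": (145, 0, 7632, 159),
    "linux": (145, 0, 7632, 159),
}

# Constructed sample inventory (hosts and older versions are made up).
SAMPLE_INVENTORY = """host,os,chrome_version
ws-001,windows,145.0.7632.160
ws-002,windows,145.0.7632.99
mac-014,macos,145.0.7632.159
lin-203,linux,144.0.7559.133
kiosk-7,windows,unknown
lab-9,chromeos,145.0.7632.159
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if this is not a Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Classify each host as patched, vulnerable, or needing manual review."""
    report = {"patched": [], "vulnerable": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = PATCHED.get(row["os"].strip().lower())
        version = parse_version(row["chrome_version"])
        if minimum is None or version is None:
            # Unknown platform or unparseable version: never assume it is safe.
            report["review"].append(row["host"])
        elif version >= minimum:
            # Tuple comparison is numeric, so build 99 sorts below build 159
            # (a plain string comparison would get this wrong).
            report["patched"].append(row["host"])
        else:
            report["vulnerable"].append(row["host"])
    return report

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```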
No active exploitation is confirmed, but CVSS scores (likely 9.8+ for criticals) underscore urgency. Map to MITRE ATT&CK T1190 (Exploit Public-Facing Application).
The post Google Issues Emergency Chrome Update to Patch 10 Security Vulnerabilities appeared first on Cyber Security News.