The update promotes Chrome version 146 to the stable channel for Windows, Mac, and Linux platforms and was officially released on March 10, 2026.
Users are strongly encouraged to update their browsers immediately to version 146.0.7680.71 for Linux and version 146.0.7680.71/72 for Windows and Mac.
The update resolves several memory corruption vulnerabilities, which are often exploited by attackers to gain control over systems through remote code execution (RCE).
The most severe issue fixed in this release is CVE-2026-3913, a critical heap buffer overflow vulnerability located in Chrome’s WebML component.
The update, issued on March 10, 2026, resolves 29 security vulnerabilities. This flaw was discovered by security researcher Tobias Wienand and earned a $33,000 bug bounty through Google’s vulnerability reward program.
Heap buffer overflow vulnerabilities occur when a program writes more data to memory than allocated, potentially overwriting adjacent memory regions.
Attackers can exploit such flaws to crash applications or execute arbitrary code. In the case of Chrome, successful exploitation could allow a remote attacker to fully compromise a victim’s system simply by convincing them to visit a malicious webpage.
In addition to the critical flaw, Google patched 11 high-severity vulnerabilities. Many of these involve “Use After Free” (UAF) errors and out-of-bounds memory access bugs affecting multiple browser components such as Web Speech, Agents, Extensions, TextEncoding, and MediaStream.
UAF vulnerabilities are particularly dangerous because they occur when a program continues to use memory after it has been freed.
Attackers can manipulate these memory references to inject malicious code or gain control over the browser process.
Chrome developers also resolved 17 medium and low-severity vulnerabilities across several components, including the V8 JavaScript engine, Chrome PDF viewer, developer tools, and navigation systems.
These issues include insufficient policy enforcement, side-channel information leaks, incorrect security user interface implementations, and memory access errors.
| CVE ID | Severity | Component & Vulnerability |
|---|---|---|
| CVE-2026-3913 | Critical | Heap buffer overflow in WebML |
| CVE-2026-3914 | High | Integer overflow in WebML |
| CVE-2026-3915 | High | Heap buffer overflow in WebML |
| CVE-2026-3916 | High | Out-of-bounds read in Web Speech |
| CVE-2026-3917 | High | Use-after-free in Agents |
| CVE-2026-3918 | High | Use-after-free in WebMCP |
| CVE-2026-3919 | High | Use-after-free in Extensions |
| CVE-2026-3920 | High | Out-of-bounds memory access in WebML |
| CVE-2026-3921 | High | Use-after-free in TextEncoding |
| CVE-2026-3922 | High | Use-after-free in MediaStream |
| CVE-2026-3923 | High | Use-after-free in WebMIDI |
| CVE-2026-3924 | High | Use-after-free in WindowDialog |
Users should apply the update immediately to reduce the risk of exploitation. Updating Chrome is simple and can be completed within a few steps:
Security experts emphasize that browsers are prime targets for threat actors because they act as the primary gateway to the internet.
Regularly applying updates is one of the most effective ways to protect systems from exploitation and emerging web-based threats.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Google Chrome Security Update Fixes 29 Vulnerabilities, Including Remote Code Execution Flaws appeared first on Cyber Security News.
Invincible is returning for its fourth season, which will finally pit Mark against one of…
The GeForce RTX 5070 Ti is an excellent graphics card for gaming at up to…
Lindsey Vaughn, a single mother of three and survivor of family violence, was recognized as…
BRECKENRIDGE, Texas (KTAB/KRBC) - On this week's episode of "Bite of West Texas," host Heather…
ABILENE, Texas (KTAB/KRBC) - Longtime Abilene community leader Steve Abel has died, leaving behind a…
TAYLOR COUNTY, Texas (KTAB/KRBC) -The Taylor County Sheriff's Office is currently 'monitoring' a property that…
This website uses cookies.