These newly patched security flaws could allow threat actors to execute arbitrary code remotely, posing a significant risk to user data and system integrity.
The stable channel is currently receiving updates to version 146.0.7680.164 or 146.0.7680.165 for Windows and macOS users.
Meanwhile, Linux users will receive version 146.0.7680.164. Google expects these critical updates to reach all users over the coming days and weeks.
The latest patches resolve several dangerous memory management and processing errors within Chrome’s underlying architecture.
Among the patched issues are “Use-After-Free” vulnerabilities in components such as Dawn, WebGPU, and FedCM.
These specific flaws occur when a program continues to use a memory pointer after the memory has been freed, allowing attackers to inject and execute malicious payloads.
Additionally, Google addressed heap buffer overflows in WebAudio and WebGL, out-of-bounds reading flaws in CSS, and an integer overflow in the Fonts component.
When chained together or successfully exploited, these memory corruption vulnerabilities give cybercriminals a path to bypass browser security sandboxes and compromise the host machine entirely.
Google’s development teams heavily rely on advanced testing tools such as AddressSanitizer, MemorySanitizer, and libFuzzer to identify complex security bugs before they reach the stable channel.
The update addresses the following eight high-severity vulnerabilities:
| CVE Identifier | Component | Vulnerability Type |
|---|---|---|
| CVE-2026-4673 | WebAudio | Heap buffer overflow |
| CVE-2026-4674 | CSS | Out of bounds read |
| CVE-2026-4675 | WebGL | Heap buffer overflow |
| CVE-2026-4676 | Dawn | Use after free |
| CVE-2026-4677 | WebAudio | Out of bounds read |
| CVE-2026-4678 | WebGPU | Use after free |
| CVE-2026-4679 | Fonts | Integer overflow |
| CVE-2026-4680 | FedCM | Use after free |
To protect the user base, Google intentionally restricts access to specific technical bug details and exploit links.
This industry standard practice ensures that most users can install the security update before threat actors can reverse-engineer the patch to launch widespread attacks.
The company also maintains restrictions if a vulnerability exists in a third-party library that other software projects depend on.
Google actively rewards security researchers for responsibly disclosing these threats, paying out a confirmed $7,000 bounty for the WebAudio vulnerability alone, with several other reward amounts still to be determined.
Cybersecurity professionals and everyday users must prioritize applying this update immediately.
To ensure your browser is fully protected against these potential remote code execution threats, navigate to the Chrome menu, select “Help,” and click on “About Google Chrome.”
This action forces the browser to check for the latest version and automatically download the security patch.
Administrators managing enterprise environments should push the update through their patch management systems to efficiently secure network endpoints.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Chrome Security Update Fixes 8 Vulnerabilities Allowing Remote Code Execution appeared first on Cyber Security News.
LaPorte, Ind. (WOWO) — A man from LaPorte has been sentenced to more than eight…
FORT WAYNE, IND. (WOWO) The Southwest Allen County Schools Board held a special meeting on…
In an aerial photograph, migrants are seen grouped together while waiting to be processed on…
In an aerial photograph, migrants are seen grouped together while waiting to be processed on…
In an aerial photograph, migrants are seen grouped together while waiting to be processed on…
This website uses cookies.