Google Chrome Stable Channel Update Fixes Three High-Severity Vulnerabilities
Google released a Chrome Stable Channel security update for desktop, shipping 145.0.7632.116/117 for Windows and macOS and 144.0.7559.116 for Linux, and urged users to apply updates as they roll out. The Canadian Centre for Cyber Security echoed the guidance in advisory AV26-159, recommending administrators review Google’s bulletin and deploy the patched versions to address the disclosed vulnerabilities.
Reporting on the release described an “emergency” update that fixes three High-severity CVEs, including multiple out-of-bounds memory access issues with potential exploitation impact (e.g., memory corruption that can contribute to remote code execution or exploit chains). The vulnerabilities highlighted include CVE-2026-3061 (out-of-bounds read in Chrome’s Media component, reported by Luke Francis) and CVE-2026-3062 (out-of-bounds read/write in Tint / WebGPU shader compiler, reported by Cinzinga), with the update recommended for rapid enterprise deployment due to the risk posed by unpatched browsers.
Timeline
Feb 24, 2026
Canadian Centre for Cyber Security issues advisory on Chrome update
On 2026-02-24, the Canadian Centre for Cyber Security published advisory AV26-159 referencing Google's February 23 security update. It urged users and administrators to review Google's advisory and apply the necessary Chrome updates.
Feb 23, 2026
Google withholds detailed bug information pending patch adoption
Alongside the 2026-02-23 release, Google said technical details for the three vulnerabilities would remain restricted until most users had updated or related third-party dependencies were patched. The company also indicated there was no public statement of active in-the-wild exploitation at the time of reporting.
Feb 23, 2026
Google releases Chrome Stable update fixing three high-severity flaws
On 2026-02-23, Google published a Stable Channel update for Chrome Desktop, rolling out version 145.0.7632.116/117 for Windows and macOS and 145.0.7632.116 for Linux. The release patched three high-severity vulnerabilities: CVE-2026-3061 in Media, CVE-2026-3062 in Tint/WebGPU, and CVE-2026-3063 in DevTools.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Sources
Related Stories
Google Chrome Emergency Update Patches Multiple Critical Vulnerabilities
Google released an emergency update for *Chrome for Desktop* to **Stable channel 145.0.7632.159/160 (Windows/macOS)** and **145.0.7632.159 (Linux)**, addressing **10 security vulnerabilities**, including **three Critical** issues. Reported flaws include `CVE-2026-3536` (integer overflow in **ANGLE**), `CVE-2026-3537` (object lifecycle issue in **PowerVR**), and `CVE-2026-3538` (integer overflow in **Skia**); additional **High-severity** bugs span components such as **V8**, **WebAssembly**, **CSS**, **DevTools**, and media-related subsystems. Google limited detailed disclosure until patch adoption increases and urged users to update promptly; reported bug bounty awards for individual findings reached **up to $33,000**. The Canadian Centre for Cyber Security echoed Google’s advisory, recommending organizations apply the Chrome updates when available to remediate the affected versions. Separate Canadian Centre advisories also covered unrelated patch guidance for **Drupal contributed modules** (including a **critical access bypass** in *AJAX Dashboard* and moderate issues such as XSS in other modules) and a **Tenable Nessus Manager** vulnerability fixed in versions **10.10.3** and **10.11.3**; these items are distinct from the Chrome emergency update and should be tracked independently in vulnerability management workflows.
1 months ago
Google Chrome Stable Channel Update Fixes 29 Vulnerabilities Including Critical WebML Heap Overflow
Google released **Chrome 146** to the Stable channel for Windows, macOS, and Linux, addressing **29 security vulnerabilities** in versions prior to `146.0.7680.71/72` (Windows/macOS) and `146.0.7680.71` (Linux). The most severe issue highlighted is **CVE-2026-3913**, a **critical heap buffer overflow in WebML** that could enable **remote code execution** when a user visits a maliciously crafted webpage; additional high-severity fixes include multiple memory-safety bugs such as **use-after-free** and **out-of-bounds read** conditions across browser components. The Canadian Centre for Cyber Security issued advisory **AV26-220** urging organizations to review Google’s guidance and apply the Chrome updates as they become available. A separate Canadian advisory, **AV26-206**, covers **Microsoft Edge** Stable updates for versions prior to `145.0.3800.97`; while also Chromium-based, it is a distinct vendor release and should be tracked separately from the Chrome 146 patch cycle.
1 months ago
Google Chrome Stable Channel Updates Fix Desktop Vulnerabilities
Google released security updates for **Chrome Stable Channel on Desktop** to address vulnerabilities affecting Windows, macOS, and Linux systems. One advisory covered versions prior to **`146.0.7680.164/165`** on Windows and macOS and **`146.0.7680.164`** on Linux, with the Canadian Centre for Cyber Security urging organizations to review Google’s bulletin and deploy updates as they become available. A subsequent advisory addressed additional Chrome desktop flaws in versions prior to **`147.0.7727.55/56`** on Windows and macOS and **`147.0.7727.55`** on Linux. The Canadian Centre for Cyber Security again called on users and administrators to apply the latest browser updates promptly, underscoring continued patching activity for Chrome across supported desktop platforms.
3 weeks ago