Google Chrome Emergency Update Patches Multiple Critical Vulnerabilities
Google released an emergency update for Chrome for Desktop to Stable channel 145.0.7632.159/160 (Windows/macOS) and 145.0.7632.159 (Linux), addressing 10 security vulnerabilities, including three Critical issues. Reported flaws include CVE-2026-3536 (integer overflow in ANGLE), CVE-2026-3537 (object lifecycle issue in PowerVR), and CVE-2026-3538 (integer overflow in Skia); additional High-severity bugs span components such as V8, WebAssembly, CSS, DevTools, and media-related subsystems. Google limited detailed disclosure until patch adoption increases and urged users to update promptly; reported bug bounty awards for individual findings reached up to $33,000.
The Canadian Centre for Cyber Security echoed Google’s advisory, recommending organizations apply the Chrome updates when available to remediate the affected versions. Separate Canadian Centre advisories also covered unrelated patch guidance for Drupal contributed modules (including a critical access bypass in AJAX Dashboard and moderate issues such as XSS in other modules) and a Tenable Nessus Manager vulnerability fixed in versions 10.10.3 and 10.11.3; these items are distinct from the Chrome emergency update and should be tracked independently in vulnerability management workflows.
Timeline
Mar 6, 2026
Debian releases DSA 6157-1 chromium security update
Debian published security advisory DSA 6157-1 for chromium, indicating a downstream security update in response to the Chrome/Chromium vulnerabilities. The notice was issued through the Debian security announce list.
Mar 4, 2026
Canadian Centre for Cyber Security issues Chrome update notice
The Canadian Centre for Cyber Security published advisory AV26-194, alerting users and administrators to Google's Chrome security update and recommending they review the vendor advisory and apply updates when available.
Mar 3, 2026
Google publishes Chrome Stable Channel security advisory
Google published a security advisory for Chrome for Desktop covering versions prior to 145.0.7632.159/160 on Windows and macOS and prior to 145.0.7632.159 on Linux. The advisory addressed 10 vulnerabilities, including three rated Critical, and Google said it had not observed active exploitation.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Organizations
Affected Products
Sources
Related Stories
Google Chrome Stable Channel Update Fixes Three High-Severity Vulnerabilities
Google released a **Chrome Stable Channel** security update for desktop, shipping **145.0.7632.116/117** for Windows and macOS and **144.0.7559.116** for Linux, and urged users to apply updates as they roll out. The Canadian Centre for Cyber Security echoed the guidance in advisory **AV26-159**, recommending administrators review Google’s bulletin and deploy the patched versions to address the disclosed vulnerabilities. Reporting on the release described an “emergency” update that fixes **three High-severity CVEs**, including multiple **out-of-bounds memory access** issues with potential exploitation impact (e.g., memory corruption that can contribute to remote code execution or exploit chains). The vulnerabilities highlighted include `CVE-2026-3061` (out-of-bounds read in Chrome’s **Media** component, reported by Luke Francis) and `CVE-2026-3062` (out-of-bounds read/write in **Tint** / WebGPU shader compiler, reported by Cinzinga), with the update recommended for rapid enterprise deployment due to the risk posed by unpatched browsers.
1 months ago
Google Chrome Zero-Day CVE-2026-2441 Exploited in the Wild
Google released an urgent *Chrome for Desktop* Stable Channel update to address **CVE-2026-2441**, a high-severity zero-day that Google said has an exploit **active in the wild**. The issue is a **use-after-free in Chrome’s CSS component**, a memory-corruption flaw that can enable code execution in the browser context when a user visits a malicious or compromised webpage; the vulnerability was reported to Google by researcher **Shaheen Fazim**. The Canadian Centre for Cyber Security echoed the need to patch Chrome, advising organizations to update beyond affected Stable Channel versions (Windows/Mac prior to `145.0.7632.68` and Linux prior to `144.0.7559.67`), while third-party reporting indicated patched Stable builds rolling out to `145.0.7632.75/.76` (Windows/Mac) and `144.0.7559.75` (Linux). Other Canadian Centre advisories published in the same period covered unrelated vendor patches for **Tenable Nessus Agent** (CVE-2026-2026), **Juniper Secure Analytics (JSA)**, **HPE SimpliVity** (Intel firmware advisories), and **PostgreSQL** point releases; these are separate remediation items and not part of the Chrome zero-day event.
1 months ago
Google Chrome 142 Emergency Update Addresses Multiple High-Risk RCE Vulnerabilities
Google released an emergency update for its Chrome browser, version 142, to patch five security vulnerabilities, including three high-severity flaws that could allow remote code execution (RCE) on Windows, macOS, Linux, and Android platforms. The most critical vulnerability, CVE-2025-12725, is an out-of-bounds write in the WebGPU graphics interface, which could enable attackers to execute arbitrary code by corrupting system memory. Two additional high-severity vulnerabilities, CVE-2025-12726 in the Views component and CVE-2025-12727 in the V8 JavaScript engine, were also addressed, both posing significant risk for memory manipulation and potential code execution. Google has limited the release of technical details to prevent exploitation before users apply the update, but internal assessments rate the vulnerabilities with a CVSS 3.1 score of 8.8, indicating a direct and serious risk. The update is being distributed across all major desktop and mobile platforms, and users are strongly advised to update Chrome promptly to mitigate the risk of exploitation. Two medium-severity issues in the Omnibox were also fixed in this release.
1 months ago