Google Chrome Stable Channel Updates Fix Desktop Vulnerabilities
Google released security updates for Chrome Stable Channel on Desktop to address vulnerabilities affecting Windows, macOS, and Linux systems. One advisory covered versions prior to 146.0.7680.164/165 on Windows and macOS and 146.0.7680.164 on Linux, with the Canadian Centre for Cyber Security urging organizations to review Google’s bulletin and deploy updates as they become available.
A subsequent advisory addressed additional Chrome desktop flaws in versions prior to 147.0.7727.55/56 on Windows and macOS and 147.0.7727.55 on Linux. The Canadian Centre for Cyber Security again called on users and administrators to apply the latest browser updates promptly, underscoring continued patching activity for Chrome across supported desktop platforms.
Timeline
Apr 7, 2026
Google releases Chrome 147 Stable security update
Google published another security advisory addressing vulnerabilities in Stable Channel Chrome for Desktop. The affected versions were releases prior to 147.0.7727.55/56 on Windows and Mac, and prior to 147.0.7727.55 on Linux.
Mar 23, 2026
Google releases Chrome 146 Stable security update
Google published a security advisory addressing vulnerabilities in Stable Channel Chrome for Desktop. The affected versions were releases prior to 146.0.7680.164/165 on Windows and Mac, and prior to 146.0.7680.164 on Linux.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Google Chrome Stable Channel Update Fixes Three High-Severity Vulnerabilities
Google released a **Chrome Stable Channel** security update for desktop, shipping **145.0.7632.116/117** for Windows and macOS and **144.0.7559.116** for Linux, and urged users to apply updates as they roll out. The Canadian Centre for Cyber Security echoed the guidance in advisory **AV26-159**, recommending administrators review Google’s bulletin and deploy the patched versions to address the disclosed vulnerabilities. Reporting on the release described an “emergency” update that fixes **three High-severity CVEs**, including multiple **out-of-bounds memory access** issues with potential exploitation impact (e.g., memory corruption that can contribute to remote code execution or exploit chains). The vulnerabilities highlighted include `CVE-2026-3061` (out-of-bounds read in Chrome’s **Media** component, reported by Luke Francis) and `CVE-2026-3062` (out-of-bounds read/write in **Tint** / WebGPU shader compiler, reported by Cinzinga), with the update recommended for rapid enterprise deployment due to the risk posed by unpatched browsers.
1 months ago
Google Chrome Emergency Update Patches Multiple Critical Vulnerabilities
Google released an emergency update for *Chrome for Desktop* to **Stable channel 145.0.7632.159/160 (Windows/macOS)** and **145.0.7632.159 (Linux)**, addressing **10 security vulnerabilities**, including **three Critical** issues. Reported flaws include `CVE-2026-3536` (integer overflow in **ANGLE**), `CVE-2026-3537` (object lifecycle issue in **PowerVR**), and `CVE-2026-3538` (integer overflow in **Skia**); additional **High-severity** bugs span components such as **V8**, **WebAssembly**, **CSS**, **DevTools**, and media-related subsystems. Google limited detailed disclosure until patch adoption increases and urged users to update promptly; reported bug bounty awards for individual findings reached **up to $33,000**. The Canadian Centre for Cyber Security echoed Google’s advisory, recommending organizations apply the Chrome updates when available to remediate the affected versions. Separate Canadian Centre advisories also covered unrelated patch guidance for **Drupal contributed modules** (including a **critical access bypass** in *AJAX Dashboard* and moderate issues such as XSS in other modules) and a **Tenable Nessus Manager** vulnerability fixed in versions **10.10.3** and **10.11.3**; these items are distinct from the Chrome emergency update and should be tracked independently in vulnerability management workflows.
1 months ago
Google Chrome Stable Channel Update Fixes 29 Vulnerabilities Including Critical WebML Heap Overflow
Google released **Chrome 146** to the Stable channel for Windows, macOS, and Linux, addressing **29 security vulnerabilities** in versions prior to `146.0.7680.71/72` (Windows/macOS) and `146.0.7680.71` (Linux). The most severe issue highlighted is **CVE-2026-3913**, a **critical heap buffer overflow in WebML** that could enable **remote code execution** when a user visits a maliciously crafted webpage; additional high-severity fixes include multiple memory-safety bugs such as **use-after-free** and **out-of-bounds read** conditions across browser components. The Canadian Centre for Cyber Security issued advisory **AV26-220** urging organizations to review Google’s guidance and apply the Chrome updates as they become available. A separate Canadian advisory, **AV26-206**, covers **Microsoft Edge** Stable updates for versions prior to `145.0.3800.97`; while also Chromium-based, it is a distinct vendor release and should be tracked separately from the Chrome 146 patch cycle.
1 months ago