Chrome Security Update Fixes 26 Vulnerabilities Enabling Remote Malicious Code Execution

Google has released a critical security update for its Chrome desktop web browser, addressing 26 distinct vulnerabilities that could enable attackers to execute malicious code remotely.

The Stable channel update introduces versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS systems, while Linux environments will receive version 146.0.7680.153.

This substantial patch cycle is actively rolling out over the coming days and weeks, delivering essential protections against severe memory corruption flaws.

To ensure complete protection, users are strongly advised to restart their browsers immediately after the automatic download completes so the new security measures are fully applied.

Critical and High-Severity Flaws Addressed

This comprehensive security update patches three vulnerabilities rated as Critical, alongside 22 High-severity bugs and one Medium-severity issue.

The critical flaws involve an out-of-bounds memory access and an out-of-bounds read and write in the WebGL graphics component, as well as a severe use-after-free vulnerability in the Base component.

Many of the high-severity flaws, such as heap buffer overflows and integer overflows, affect core browser processing engines including WebRTC, V8, ANGLE, Blink, and WebAudio.

If left unpatched, these memory corruption vulnerabilities could allow unauthenticated remote attackers to compromise system integrity simply by tricking victims into visiting specially crafted web pages.

As part of its standard security protocol, Google heavily restricts public access to detailed bug reports and exploit chains until a vast majority of the user base has successfully applied the patch.

This delayed disclosure strategy successfully prevents opportunistic threat actors from reverse-engineering the patches to develop zero-day exploits targeting slow-to-update systems.

The company also maintains these strict data restrictions if a bug exists in a third-party library that other external projects depend on but have not yet fixed.

Individuals and enterprise organizations must prioritize timely security updates to defend against these sophisticated remote code execution threats.

Complete List of Patched Vulnerabilities

The following table details the specific security vulnerabilities addressed in this Chrome update.

CVE ID Severity Description Date Reported
CVE-2026-4439 Critical Out of bounds memory access in WebGL 2026-01-15
CVE-2026-4440 Critical Out of bounds read and write in WebGL 2026-02-20
CVE-2026-4441 Critical Use after free in Base 2026-03-03
CVE-2026-4442 High Heap buffer overflow in CSS 2026-02-16
CVE-2026-4443 High Heap buffer overflow in WebAudio 2026-02-18
CVE-2026-4444 High Stack buffer overflow in WebRTC 2026-02-21
CVE-2026-4445 High Use after free in WebRTC 2026-02-22
CVE-2026-4446 High Use after free in WebRTC 2026-02-22
CVE-2026-4447 High Inappropriate implementation in V8 2026-02-23
CVE-2026-4448 High Heap buffer overflow in ANGLE 2026-02-23
CVE-2026-4449 High Use after free in Blink 2026-02-24
CVE-2026-4450 High Out of bounds write in V8 2026-02-26
CVE-2026-4451 High Insufficient validation of untrusted input in Navigation 2026-02-26
CVE-2026-4452 High Integer overflow in ANGLE 2026-02-26
CVE-2026-4453 High Integer overflow in Dawn 2026-02-27
CVE-2026-4454 High Use after free in Network 2026-03-01
CVE-2026-4455 High Heap buffer overflow in PDFium 2026-03-01
CVE-2026-4456 High Use after free in Digital Credentials API 2026-02-28
CVE-2026-4457 High Type Confusion in V8 2026-03-01
CVE-2026-4458 High Use after free in Extensions 2026-03-04
CVE-2026-4459 High Out of bounds read and write in WebAudio 2026-03-06
CVE-2026-4460 High Out of bounds read in Skia 2026-03-06
CVE-2026-4461 High Inappropriate implementation in V8 2026-03-07
CVE-2026-4462 High Out of bounds read in Blink 2026-03-09
CVE-2026-4463 High Heap buffer overflow in WebRTC 2026-03-10
CVE-2026-4464 Medium Integer overflow in ANGLE 2026-02-24

Many of these severe security bugs were detected using internal security tools such as AddressSanitizer, MemorySanitizer, and Control Flow Integrity.

Google extended its thanks to all independent security researchers who worked during the development cycle to prevent these bugs from reaching the stable channel.

To ensure your browser is fully protected, navigate to the settings menu in Google Chrome, select the help section, and click on the “About Google Chrome” option to trigger the automatic update process.

Related Articles

Back to top button