Google Fixes 10 Security Vulnerabilities in Latest Chrome Update

Google has released an urgent security update for its popular web browser, Google Chrome, to address several newly discovered security vulnerabilities. The update moves Chrome’s Stable version to 145.0.7632.159/160 for Windows and Mac and 145.0.7632.159 for Linux. According to the company, the update fixes 10 security flaws, including three critical vulnerabilities that could potentially be exploited by attackers.

The update is being rolled out gradually and will reach users over the next few days or weeks. Security experts strongly recommend that users update their browsers as soon as the update becomes available. Until most users install the fix, Google will keep detailed technical information about the vulnerabilities limited to prevent attackers from exploiting them.

Critical Security Issues

Among the ten vulnerabilities fixed in the update, three are classified as critical, meaning they could allow serious attacks such as remote code execution if exploited.

One of the most important vulnerabilities is CVE-2026-3536, which was discovered in Chrome’s ANGLE graphics layer. This issue is related to an integer overflow, a type of error that can cause unexpected behavior in software when numerical values exceed their allowed limits. The vulnerability was reported by security researcher cinzinga on February 18, 2026. Due to its severity, the researcher received a bug bounty reward of $33,000.

Another critical flaw, CVE-2026-3537, affects PowerVR, a component used for graphics processing. The issue involves a problem in the object lifecycle management system, which can potentially lead to memory-related security risks. This vulnerability was discovered by Zhihua Yao from KunLun Lab and earned a reward of $32,000.

The third critical vulnerability, CVE-2026-3538, was identified in Skia, Chrome’s graphics rendering engine. Similar to the first flaw, this issue is also an integer overflow, which may allow attackers to manipulate memory under certain conditions.

Other High-Severity Vulnerabilities

In addition to the three critical issues, the update also fixes seven high-severity vulnerabilities. These problems affect various Chrome components, including DevTools, WebAudio, CSS, WebAssembly, V8, WebCodecs, and Navigation.

Many of these flaws involve improper implementations or memory handling errors. For example, a heap buffer overflow in WebCodecs and insufficient data validation in the browser’s navigation system could potentially be exploited if not addressed.

The wide range of affected components shows how complex modern browsers have become. Today’s browsers handle graphics rendering, multimedia playback, and advanced programming environments, which increases their potential attack surface.

Security Tools and Prevention

Google uses several automated tools during development to detect security problems before software updates are released. These include AddressSanitizer, MemorySanitizer, libFuzzer, and AFL, which help developers identify memory safety issues and other vulnerabilities during testing.

Although there is currently no evidence that these vulnerabilities are being actively exploited, their severity means users should still take quick action.

See Also: Google Faces Legal Action After Gemini AI Allegedly Urged Man to Die

Recommended Actions for Users

Google advises all users to update their browsers immediately. To check for the update, open Chrome and navigate to Settings → Help → About Google Chrome. Enterprise administrators should also ensure that the update is pushed to all managed systems in their organizations.

Keeping browsers updated is one of the simplest and most effective ways to stay protected from online threats. As cyberattacks continue to evolve, timely security updates remain essential for maintaining safe browsing experiences.