Google has released an urgent Chrome security update addressing eight high-severity vulnerabilities that could allow attackers to execute arbitrary code remotely.
These flaws impact core browser components and could enable attackers to bypass sandbox protections and compromise host systems.
Affected Versions and Updates
The stable channel is being updated to:
- Windows & macOS: 146.0.7680.164 / 146.0.7680.165
- Linux: 146.0.7680.164
Google is rolling out the update gradually to users over the coming days.
Nature of the Vulnerabilities
The patched issues primarily involve memory corruption flaws, including:
- Use-after-free vulnerabilities
- Heap buffer overflows
- Out-of-bounds reads
- Integer overflows
These issues can allow attackers to inject malicious code when users visit crafted web pages.
High-Severity Vulnerabilities Patched
| CVE | Component | Type |
|---|---|---|
| CVE-2026-4673 | WebAudio | Heap buffer overflow |
| CVE-2026-4674 | CSS | Out-of-bounds read |
| CVE-2026-4675 | WebGL | Heap buffer overflow |
| CVE-2026-4676 | Dawn | Use-after-free |
| CVE-2026-4677 | WebAudio | Out-of-bounds read |
| CVE-2026-4678 | WebGPU | Use-after-free |
| CVE-2026-4679 | Fonts | Integer overflow |
| CVE-2026-4680 | FedCM | Use-after-free |
Why These Flaws Are Dangerous
Memory corruption vulnerabilities can allow attackers to:
- Execute arbitrary code
- Escape the browser sandbox
- Steal user data
- Install malware
- Compromise entire systems
When chained together, these bugs increase the risk of full system compromise.
Affected Components
The vulnerabilities impact key Chrome subsystems:
- WebAudio
- WebGPU
- WebGL
- CSS rendering engine
- Fonts processing
- FedCM
- Dawn graphics layer
These components are heavily used when rendering ordinary web content, which makes exploitation practical.
Security Testing Tools Used
Google identified these bugs using advanced fuzzing and memory analysis tools:
- AddressSanitizer
- MemorySanitizer
- libFuzzer
These tools help detect complex memory issues before exploitation.
Patch Disclosure Strategy
Google restricts technical details temporarily to:
- Prevent exploit development
- Allow users time to update
- Reduce mass exploitation risk
This is standard industry practice.
Mitigation Steps
Users should update immediately.
How to Update Chrome
- Open the Chrome menu
- Go to Help
- Click About Google Chrome
- Allow the update to install
- Restart the browser
Enterprise Recommendations
Administrators should:
- Push updates via patch management
- Monitor browser versions
- Enforce automatic updates
- Audit endpoint compliance
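One way to carry out the version monitoring and compliance audit above, as an added example that is not from Google or the original article. The minimum builds come from the Affected Versions section; the CSV inventory format, host names, sample versions and function names are assumptions.

```python
import csv
import io

# Lowest fixed build per platform, from the "Affected Versions and Updates" section.
# Windows/macOS ship as .164 or .165, so .164 is the lowest patched build.
FIXED = {
    "windows": (146, 0, 7680, 164),
    "macos": (146, 0, 7680, 164),
    "linux": (146, 0, 7680, 164),
}

def parse_version(text):
    """Turn '146.0.7680.164' into a tuple of ints; return None if malformed."""
    parts = (text or "").strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Return (host, os, version, status) for every endpoint in the inventory."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = FIXED.get(row["os"].strip().lower())
        version = parse_version(row["chrome_version"])
        if minimum is None or version is None:
            status = "UNKNOWN"      # unparseable data needs manual follow-up
        elif version >= minimum:    # numeric, field-by-field comparison
            status = "PATCHED"
        else:
            status = "VULNERABLE"
        results.append((row["host"], row["os"], row["chrome_version"], status))
    return results

# Constructed sample inventory (hosts, columns and old versions are made up).
SAMPLE = """host,os,chrome_version
ws-001,Windows,146.0.7680.165
ws-002,Windows,146.0.7680.80
mac-014,macOS,145.0.7000.100
lnx-203,Linux,146.0.7680.164
kiosk-7,Windows,unknown
"""

if __name__ == "__main__":
    for host, os_name, version, status in audit(SAMPLE):
        print(f"{status:<10} {host:<8} {os_name:<8} {version}")
```

Versions are compared as integer tuples because a plain string comparison ranks `146.0.7680.80` above `146.0.7680.164` and would report that endpoint as patched.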
Key Takeaways
- Eight high-severity vulnerabilities fixed
- Remote code execution risk
- Memory corruption flaws patched
- Update rolling out globally
- Immediate patching recommended
Conclusion
This Chrome update addresses multiple high-risk vulnerabilities that could allow attackers to execute malicious code through crafted web content. Because browsers are frequently exposed to untrusted input, delaying updates significantly increases risk.
Users and organizations should apply the update immediately to maintain security and prevent potential compromise.