Google Releases Emergency Chrome Update to Fix 10 Security Vulnerabilities

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Google has released a critical security update for Chrome, pushing the Stable channel to version 145.0.7632.159/160 for Windows and Mac, and 145.0.7632.159 for Linux. The update addresses 10 security vulnerabilities, including three rated Critical, and is rolling out to users over the coming days and weeks.

The release follows responsible disclosure from independent security researchers and internal Google teams, with bug bounty rewards reaching up to $33,000 for a single flaw.

Users are strongly encouraged to update their browsers immediately, as access to full bug details remains restricted until a majority of the user base receives the fix.

Critical and High-Severity Vulnerabilities

Three of the ten patched flaws carry a Critical severity rating. The most notable is CVE-2026-3536, an integer overflow in Chrome’s ANGLE graphics layer, reported by researcher cinzinga on February 18, 2026, which earned a $33,000 bounty.

A second critical flaw, CVE-2026-3537, involves an object lifecycle issue in PowerVR, reported by Zhihua Yao of KunLun Lab on January 8, earning $32,000. The third critical bug, CVE-2026-3538, is an integer overflow in the Skia graphics engine, reported by Symeon Paraschoudis on February 17.

The remaining seven vulnerabilities are rated High severity and span a range of Chrome subsystems, from V8 and WebAssembly to CSS and Navigation.

| CVE ID | Severity | Component | Type | Reporter |
|---|---|---|---|---|
| CVE-2026-3536 | Critical | ANGLE | Integer Overflow | cinzinga |
| CVE-2026-3537 | Critical | PowerVR | Object Lifecycle Issue | Zhihua Yao, KunLun Lab |
| CVE-2026-3538 | Critical | Skia | Integer Overflow | Symeon Paraschoudis |
| CVE-2026-3539 | High | DevTools | Object Lifecycle Issue | Zhenpeng (Leo) Lin, depthfirst |
| CVE-2026-3540 | High | WebAudio | Inappropriate Implementation | Davi Antônio Cruz |
| CVE-2026-3541 | High | CSS | Inappropriate Implementation | Syn4pse |
| CVE-2026-3542 | High | WebAssembly | Inappropriate Implementation | qymag1c |
| CVE-2026-3543 | High | V8 | Inappropriate Implementation | qymag1c |
| CVE-2026-3544 | High | WebCodecs | Heap Buffer Overflow | c6eed09fc8b174b0f3eebedcceb1e792 |
| CVE-2026-3545 | High | Navigation | Insufficient Data Validation | Google |

The breadth of affected components, spanning graphics rendering (ANGLE, Skia, PowerVR), JavaScript execution (V8), multimedia (WebAudio, WebCodecs), and web standards (CSS, WebAssembly), reflects the wide attack surface modern browsers expose, according to the Google advisory.

Integer overflow and heap buffer overflow bugs, in particular, are frequently exploited to achieve remote code execution or sandbox escapes.

Google uses several automated detection tools in its development pipeline, including AddressSanitizer, MemorySanitizer, libFuzzer, and AFL, which help catch memory safety issues before they reach the stable channel.

Recommended actions:

  • Update Chrome immediately by navigating to Settings → Help → About Google Chrome
  • Enterprise admins should push the update via policy to all managed endpoints
  • Monitor the Chrome Security Page for full CVE disclosures once the rollout is complete
  • Report new issues directly via crbug.com
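
A fleet check against the fixed build named in this article, as an added example that is not part of the original article or Google's advisory. It assumes a hypothetical inventory of (host, platform, version) records and treats 145.0.7632.159 as the minimum patched build on Windows, Mac and Linux; the sample inventory is constructed.

```python
import re

# Minimum patched Stable build per platform, taken from the article.
# Assumption: for Windows/Mac ("159/160") the lower build is the floor.
FIXED = {
    "windows": (145, 0, 7632, 159),
    "mac": (145, 0, 7632, 159),
    "linux": (145, 0, 7632, 159),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a full version."""
    match = VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one endpoint."""
    minimum = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # unlisted platform or truncated/garbled version
    # Tuples compare numerically; comparing the raw strings would rank
    # "145.0.7632.99" above "145.0.7632.159" and hide an unpatched host.
    return "patched" if version >= minimum else "vulnerable"


def audit(inventory):
    """Group host names by patch status."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version in inventory:
        report[classify(platform, version)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "145.0.7632.160"),
    ("ws-002", "windows", "145.0.7632.99"),
    ("mb-014", "mac", "145.0.7632.159"),
    ("lx-203", "linux", "144.0.7700.200"),
    ("kiosk-7", "chromeos", "145.0.7632.159"),
    ("ws-009", "windows", "145.0.7632"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need manual follow-up rather than being counted as patched.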

Google has not disclosed any evidence of active exploitation for any of the ten vulnerabilities at this time, but the Critical ratings make prompt patching a priority for all Chrome users across platforms.
