Ddos 
Google has initiated an urgent rollout for the Chrome Stable channel, delivering a crucial update to patch three newly disclosed security vulnerabilities. The update, which brings Chrome to version 145.0.7632.109/110 for Windows and Mac, and 144.0.7559.109 for Linux, addresses memory corruption and arithmetic errors deep within the browser’s core engines.
With two of the three vulnerabilities carrying a “High” severity rating, administrators and everyday users alike are urged to verify their browser versions as the update propagates over the coming days and weeks.
The first high-severity flaw resides in PDFium, Chrome’s built-in PDF rendering engine. Tracked as CVE-2026-2648, this vulnerability is categorized as a heap buffer overflow.
A heap buffer overflow occurs when a program attempts to write more data to a dynamically allocated memory area (the heap) than it was designed to hold. This overflow can overwrite adjacent memory structures, leading to erratic browser behavior, crashes, orβin the worst-case scenarioβallowing a remote attacker to execute arbitrary code simply by tricking a victim into viewing a maliciously crafted PDF file.
The second high-severity vulnerability, CVE-2026-2649, targets Chrome’s powerhouse JavaScript and WebAssembly engine, V8. Discovered and reported by JunYoung Park (@candymate) of the KAIST Hacking Lab on February 3, 2026, this flaw involves an integer overflow.
An integer overflow happens when an arithmetic operation produces a result that exceeds the maximum storage capacity of its designated integer type. In the context of the V8 engine, if an attacker can trigger an integer overflow during a memory allocation calculation, the browser might allocate a buffer that is far too small. Subsequent data writes will then overflow that tiny buffer, paving the way for heap corruption and potential remote code execution via a weaponized HTML page.
The third flaw is a “Medium” severity vulnerability, CVE-2026-2650, which was discovered internally by Google engineers on January 18, 2026. Similar to the PDFium bug, this is also a heap buffer overflow, but it affects Chrome’s Media component. While Google has rated this with a lower severityβlikely due to the complexity of exploitation or built-in sandbox mitigationsβit still poses a risk when processing untrusted, maliciously formatted media files online.
To ensure protection against these vulnerabilities, users should manually trigger the update process. Open Chrome, navigate to the three-dot menu in the upper right corner, select Help, and click About Google Chrome. The browser will automatically check for the latest version, download the patch, and prompt you to restart to apply the fixes.
Related Posts:
- Google Chrome Patches Three High-Severity Flaws in V8 Engine
- Pwn2Own: Firefox Hacked with JavaScript Zero-Days – Details on the Exploits
- Chrome Update Alert: Two High-Severity Flaws Patched β Update Now to Stay Safe!
- VirtualBox VM Escape: Integer Overflow Flaw Allows Full Host Takeover, PoC Published
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
