Urgent Patch: Massive Google Chrome Update Patches 26 Flaws, Including 3 Critical Bugs
Do Son 
Google has announced a significant security update for the Chrome stable channel, addressing a staggering 26 security vulnerabilities. The update, which brings the browser to version 146.0.7680.153/154 for Windows and Mac and 146.0.7680.153 for Linux, is expected to roll out over the coming days and weeks.
The patch arrives as a high-priority fix for millions of users, as it resolves three vulnerabilities classified as “Critical,” alongside 22 “High” severity issues that could potentially allow attackers to compromise systems remotely.
The most severe flaws in this release target the browser’s graphical and base architectures. Among the “Critical” tier vulnerabilities are:
- CVE-2026-4439 & CVE-2026-4440: Two major memory access flaws in WebGL, including out-of-bounds reads and writes. These vulnerabilities often serve as a gateway for attackers to execute arbitrary code within the browser’s sandbox.
- CVE-2026-4441: A “Use after free” vulnerability in the Base component, discovered by Google’s own internal security team.
By exploiting these memory corruption issues, a malicious website could potentially gain unauthorized access to system resources or crash the browser to initiate further exploits.
The update also addresses a massive wave of high-severity vulnerabilities across nearly every major sub-system of the browser. These include:
-
WebRTC & WebAudio: Five vulnerabilities (CVE-2026-4444 through CVE-2026-4446, CVE-2026-4459, and CVE-2026-4463) involving stack and heap buffer overflows. These are critical for users who rely on browser-based video conferencing and media playback.
-
V8 Engine: The heart of Chrome’s JavaScript execution received four major fixes (CVE-2026-4447, CVE-2026-4450, CVE-2026-4457, and CVE-2026-4461) to resolve inappropriate implementations and type confusion errors.
-
Blink & Graphics: Issues in the Blink rendering engine, the ANGLE graphics layer, and the Skia graphics library were patched to prevent out-of-bounds writes and integer overflows.
In a standard protective move, Google is keeping the full technical details and links to these bugs restricted. Access remains limited to ensure that a majority of the user base has time to update before threat actors can develop reliable exploits based on the fix metadata.
Restrictions will also remain in place if any of these bugs exist in third-party libraries that other software projects depend on but have not yet remediated.
The update will roll out automatically for most users, but given the critical nature of the WebGL and V8 fixes, manual verification is highly recommended.
To update Chrome immediately:
- Click the three dots in the top-right corner of your browser.
- Navigate to Help > About Google Chrome.
- The browser will automatically check for and download version 146.0.7680.153/154.
- Relaunch the browser to apply the security changes.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
