Chrome Security Update Released to Address Code Execution Vulnerabilities


Google has released Chrome 145 to the stable channel for Windows, Mac, and Linux systems, addressing 11 security vulnerabilities that could allow attackers to execute malicious code on affected systems.

The update, announced on February 10, 2026, will roll out gradually over the coming days and weeks.

Critical Security Fixes

The update patches several high-severity vulnerabilities that pose significant risks to users.

The most severe flaw is CVE-2026-2313, a use-after-free vulnerability in CSS that earned researchers an $8,000 bounty.

A use-after-free occurs when code keeps using memory after it has been freed; attackers can exploit this kind of memory corruption to execute arbitrary code.

Two additional high-severity issues were identified by Google’s internal security teams.

CVE-2026-2314 involves a heap buffer overflow in Codecs, while CVE-2026-2315 addresses an inappropriate implementation in WebGPU.

| CVE ID | Severity | Vulnerability Type | Reporter |
|---|---|---|---|
| CVE-2026-2313 | High | Use after free | Han Zheng (HexHive), Wenhao Fang (University of St. Andrews), Qinying Wang (HexHive) |
| CVE-2026-2314 | High | Heap buffer overflow | Google |
| CVE-2026-2315 | High | Inappropriate implementation | Google |
| CVE-2026-2316 | Medium | Insufficient policy enforcement | Luan Herrera (@lbherrera_) |
| CVE-2026-2317 | Medium | Inappropriate implementation | Brendan Draper |
| CVE-2026-2318 | Medium | Inappropriate implementation | Shaheen Fazim |
| CVE-2026-2319 | Medium | Race condition | Anonymous |
| CVE-2026-2320 | Medium | Inappropriate implementation | Alesandro Ortiz |
| CVE-2026-2321 | Medium | Use after free | Google |
| CVE-2026-2322 | Low | Inappropriate implementation | Robbe Van Roey (PinkDraconian) |
| CVE-2026-2323 | Low | Inappropriate implementation | Hafiizh |

Both CVE-2026-2314 and CVE-2026-2315 could enable remote code execution if exploited successfully.

The update also resolves six medium-severity vulnerabilities affecting various Chrome components.

CVE-2026-2316, discovered by security researcher Luan Herrera, addresses insufficient policy enforcement in Frames and earned a $5,000 reward.

Other medium-severity fixes target issues in Animation, PictureInPicture, DevTools, File input, and Ozone components.

Two low-severity vulnerabilities (CVE-2026-2322 and CVE-2026-2323) affecting File input and Downloads were also patched, with researchers receiving $1,000 and $500 rewards respectively.

Chrome 145.0.7632.45 is now available for Linux users, while Windows and Mac users will receive versions 145.0.7632.45 or 145.0.7632.46.
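
A fleet check against the fixed build above, as an added example (not from Google or the original article). It assumes a hypothetical inventory of `host,platform,version` lines with constructed sample hosts, and compares versions numerically so that 145.0.7632.9 is not mistaken for a newer build than 145.0.7632.45.

```python
import re

# Lowest fixed build named in the article (Linux, Windows, Mac).
# 145.0.7632.46 on Windows/Mac compares as patched against this floor.
FIXED = (145, 0, 7632, 45)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 145.0.7632.45'. Returns a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(text, fixed=FIXED):
    """True/False for a parsable version, None when no version is found."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per component; comparing the raw
    # strings would rank '...7632.9' above '...7632.45'.
    return version >= fixed

def audit(inventory):
    """inventory: iterable of 'host,platform,reported-version' lines
    (hypothetical format). Returns {host: state}."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    results = {}
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _platform, reported = line.split(",", 2)
        results[host] = labels[is_patched(reported)]
    return results

# Constructed sample inventory; hosts and older versions are made up.
SAMPLE = [
    "build-01,linux,Google Chrome 145.0.7632.45",
    "desk-02,windows,145.0.7632.46",
    "desk-03,mac,Google Chrome 144.0.7000.99",
    "desk-04,windows,145.0.7632.9",
    "kiosk-05,linux,not installed",
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE).items():
        print(f"{host:10} {state}")
```

Hosts reported as `unknown` returned no parsable version and need a manual look rather than being counted as patched.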

The update includes numerous fixes and improvements beyond security patches, with a complete changelog available through the Chromium repository.

Google credits multiple security researchers and its internal teams for discovering these vulnerabilities.

Many bugs were identified using advanced security tools including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.

The company maintains restricted access to detailed bug information until most users have updated their browsers.

Users should update Chrome immediately by navigating to Settings > About Chrome, where the browser will automatically check for and install the latest version.

Given the severity of the patched vulnerabilities, particularly those enabling code execution, prompt updating is essential to maintain security.
