Google has released a critical security update for its Chrome desktop web browser, addressing 26 distinct vulnerabilities that could enable attackers to execute malicious code remotely.
The Stable channel update introduces versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS systems, while Linux environments will receive version 146.0.7680.153.
This substantial patch cycle is actively rolling out over the coming days and weeks, delivering essential protections against severe memory corruption flaws.
To ensure complete protection, users are strongly advised to restart their browsers immediately after the automatic download completes so the new security measures are fully applied.
Critical and High-Severity Flaws Addressed
This comprehensive security update patches three vulnerabilities rated as Critical, alongside 22 High-severity bugs and one Medium-severity issue.
The critical flaws involve an out-of-bounds memory access and an out-of-bounds read and write in the WebGL graphics component, as well as a severe use-after-free vulnerability in the Base component.
Many of the high-severity flaws, such as heap buffer overflows and integer overflows, affect core browser processing engines including WebRTC, V8, ANGLE, Blink, and WebAudio.
If left unpatched, these memory corruption vulnerabilities could allow unauthenticated remote attackers to compromise system integrity simply by tricking victims into visiting specially crafted web pages.
As part of its standard security protocol, Google heavily restricts public access to detailed bug reports and exploit chains until a vast majority of the user base has successfully applied the patch.
This delayed disclosure strategy successfully prevents opportunistic threat actors from reverse-engineering the patches to develop zero-day exploits targeting slow-to-update systems.
The company also maintains these strict data restrictions if a bug exists in a third-party library that other external projects depend on but have not yet fixed.
Individuals and enterprise organizations must prioritize timely security updates to defend against these sophisticated remote code execution threats.
Complete List of Patched Vulnerabilities
The following table details the specific security vulnerabilities addressed in this Chrome update.
| CVE ID | Severity | Description | Date Reported |
|---|---|---|---|
| CVE-2026-4439 | Critical | Out of bounds memory access in WebGL | 2026-01-15 |
| CVE-2026-4440 | Critical | Out of bounds read and write in WebGL | 2026-02-20 |
| CVE-2026-4441 | Critical | Use after free in Base | 2026-03-03 |
| CVE-2026-4442 | High | Heap buffer overflow in CSS | 2026-02-16 |
| CVE-2026-4443 | High | Heap buffer overflow in WebAudio | 2026-02-18 |
| CVE-2026-4444 | High | Stack buffer overflow in WebRTC | 2026-02-21 |
| CVE-2026-4445 | High | Use after free in WebRTC | 2026-02-22 |
| CVE-2026-4446 | High | Use after free in WebRTC | 2026-02-22 |
| CVE-2026-4447 | High | Inappropriate implementation in V8 | 2026-02-23 |
| CVE-2026-4448 | High | Heap buffer overflow in ANGLE | 2026-02-23 |
| CVE-2026-4449 | High | Use after free in Blink | 2026-02-24 |
| CVE-2026-4450 | High | Out of bounds write in V8 | 2026-02-26 |
| CVE-2026-4451 | High | Insufficient validation of untrusted input in Navigation | 2026-02-26 |
| CVE-2026-4452 | High | Integer overflow in ANGLE | 2026-02-26 |
| CVE-2026-4453 | High | Integer overflow in Dawn | 2026-02-27 |
| CVE-2026-4454 | High | Use after free in Network | 2026-03-01 |
| CVE-2026-4455 | High | Heap buffer overflow in PDFium | 2026-03-01 |
| CVE-2026-4456 | High | Use after free in Digital Credentials API | 2026-02-28 |
| CVE-2026-4457 | High | Type Confusion in V8 | 2026-03-01 |
| CVE-2026-4458 | High | Use after free in Extensions | 2026-03-04 |
| CVE-2026-4459 | High | Out of bounds read and write in WebAudio | 2026-03-06 |
| CVE-2026-4460 | High | Out of bounds read in Skia | 2026-03-06 |
| CVE-2026-4461 | High | Inappropriate implementation in V8 | 2026-03-07 |
| CVE-2026-4462 | High | Out of bounds read in Blink | 2026-03-09 |
| CVE-2026-4463 | High | Heap buffer overflow in WebRTC | 2026-03-10 |
| CVE-2026-4464 | Medium | Integer overflow in ANGLE | 2026-02-24 |
Many of these severe security bugs were detected using internal security tools such as AddressSanitizer, MemorySanitizer, and Control Flow Integrity.
Google extended its thanks to all independent security researchers who worked during the development cycle to prevent these bugs from reaching the stable channel.
To ensure your browser is fully protected, navigate to the settings menu in Google Chrome, select the help section, and click on the “About Google Chrome” option to trigger the automatic update process.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
