Google Chrome Security Update Fixes 29 Vulnerabilities, Including Remote Code Execution Flaws - cyberpress.org

Google Chrome Security Update Fixes 29 Vulnerabilities, Including Remote Code Execution Flaws By AnuPriya March 12, 2026 Categories: Cyber Security NewsCybersecurityVulnerability Google has released a critical security update for its Chrome browser, addressing 29 vulnerabilities that could potentially allow attackers to execute malicious code and compromise user systems. The update promotes Chrome version 146 to the stable channel for Windows, Mac, and Linux platforms and was officially released on March 10, 2026. Users are strongly encouraged to update their browsers immediately to version 146.0.7680.71 for Linux and version 146.0.7680.71/72 for Windows and Mac. The update resolves several memory corruption vulnerabilities, which are often exploited by attackers to gain control over systems through remote code execution (RCE). Critical Vulnerability in WebML The most severe issue fixed in this release is CVE-2026-3913, a critical heap buffer overflow vulnerability located in Chrome’s WebML component. The update, issued on March 10, 2026, resolves 29 security vulnerabilities. This flaw was discovered by security researcher Tobias Wienand and earned a $33,000 bug bounty through Google’s vulnerability reward program. Heap buffer overflow vulnerabilities occur when a program writes more data to memory than allocated, potentially overwriting adjacent memory regions. Attackers can exploit such flaws to crash applications or execute arbitrary code. In the case of Chrome, successful exploitation could allow a remote attacker to fully compromise a victim’s system simply by convincing them to visit a malicious webpage. In addition to the critical flaw, Google patched 11 high-severity vulnerabilities. Many of these involve “Use After Free” (UAF) errors and out-of-bounds memory access bugs affecting multiple browser components such as Web Speech, Agents, Extensions, TextEncoding, and MediaStream. UAF vulnerabilities are particularly dangerous because they occur when a program continues to use memory after it has been freed. Attackers can manipulate these memory references to inject malicious code or gain control over the browser process. Chrome developers also resolved 17 medium and low-severity vulnerabilities across several components, including the V8 JavaScript engine, Chrome PDF viewer, developer tools, and navigation systems. These issues include insufficient policy enforcement, side-channel information leaks, incorrect security user interface implementations, and memory access errors. High-Severity Chrome 146 Vulnerabilities CVE ID Severity Component & Vulnerability CVE-2026-3913 Critical Heap buffer overflow in WebML CVE-2026-3914 High Integer overflow in WebML CVE-2026-3915 High Heap buffer overflow in WebML CVE-2026-3916 High Out-of-bounds read in Web Speech CVE-2026-3917 High Use-after-free in Agents CVE-2026-3918 High Use-after-free in WebMCP CVE-2026-3919 High Use-after-free in Extensions CVE-2026-3920 High Out-of-bounds memory access in WebML CVE-2026-3921 High Use-after-free in TextEncoding CVE-2026-3922 High Use-after-free in MediaStream CVE-2026-3923 High Use-after-free in WebMIDI CVE-2026-3924 High Use-after-free in WindowDialog Users should apply the update immediately to reduce the risk of exploitation. Updating Chrome is simple and can be completed within a few steps: Open Google Chrome and click the three-dot menu in the top-right corner. Navigate to “Help” and select “About Google Chrome.” Allow Chrome to automatically download and install version 146.0.7680.71 or 146.0.7680.72. Restart the browser to apply the security fixes. Ensure automatic updates remain enabled for future security patches. Security experts emphasize that browsers are prime targets for threat actors because they act as the primary gateway to the internet. Regularly applying updates is one of the most effective ways to protect systems from exploitation and emerging web-based threats. Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google. Share Facebook Twitter Pinterest WhatsApp AnuPriya Any Priya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends. Recent Articles Operation PowerOFF Takes Down 75,000 DDoS Attackers and 50+ Service Domains Cyber Security News April 17, 2026 Windows Defender Zero-Day Leak Fuels Active Exploitation Campaigns Cyber Security News April 17, 2026 OpenAI Expands Cyber Defense Program With GPT-5.4-Cyber Access for Trusted Organizations Cyber Security News April 17, 2026 Hackers Exploit TP-Link Router Flaw To Spread Mirai Malware Cyber Security News April 17, 2026 Microsoft Confirms Windows Servers Enter Reboot Loops Following April Patches Cyber Security News April 17, 2026 Related Stories Cyber Security News Operation PowerOFF Takes Down 75,000 DDoS Attackers and 50+ Service Domains AnuPriya - April 17, 2026 Cyber Security News Windows Defender Zero-Day Leak Fuels Active Exploitation Campaigns AnuPriya - April 17, 2026 Cyber Security News OpenAI Expands Cyber Defense Program With GPT-5.4-Cyber Access for Trusted Organizations AnuPriya - April 17, 2026 Cyber Security News Hackers Exploit TP-Link Router Flaw To Spread Mirai Malware Varshini - April 17, 2026 Cyber Security News Microsoft Confirms Windows Servers Enter Reboot Loops Following April Patches AnuPriya - April 17, 2026 Cyber Security News PoC Exploit Released for FortiSandbox Vulnerability that Allows attacker to execute commands AnuPriya - April 17, 2026 LEAVE A REPLY Comment: Name:* Email:* Website: