CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs

Google Releases Emergency Chrome Update to Fix 10 Security Vulnerabilities - CyberSecurityNews

CyberSecurityNews Archived Mar 18, 2026 ✓ Full text saved

Google Releases Emergency Chrome Update to Fix 10 Security Vulnerabilities CyberSecurityNews

Full text archived locally
✦ AI Summary · Claude Sonnet


    Home Cyber Security News Google Releases Emergency Chrome Update to Fix 10 Security Vulnerabilities Google has released a critical security update for Chrome, pushing the Stable channel to version 145.0.7632.159/160 for Windows and Mac, and 145.0.7632.159 for Linux. The update addresses 10 security vulnerabilities, including three rated Critical, and is rolling out to users over the coming days and weeks. The release follows responsible disclosure from independent security researchers and internal Google teams, with bug bounty rewards reaching up to $33,000 for a single flaw. Users are strongly encouraged to update their browsers immediately, as access to full bug details remains restricted until a majority of the user base receives the fix. Critical and High-Severity Vulnerabilities Three of the ten patched flaws carry a Critical severity rating. The most notable is CVE-2026-3536, an integer overflow in Chrome’s ANGLE graphics layer, reported by researcher cinzinga on February 18, 2026, which earned a $33,000 bounty. A second critical flaw, CVE-2026-3537, involves an object lifecycle issue in PowerVR, reported by Zhihua Yao of KunLun Lab on January 8, earning $32,000. The third critical bug, CVE-2026-3538, is an integer overflow in the Skia graphics engine, reported by Symeon Paraschoudis on February 17. The remaining seven vulnerabilities are rated High severity and span a range of Chrome subsystems, from V8 and WebAssembly to CSS and Navigation. CVE ID Severity Component Type Reporter CVE-2026-3536 Critical ANGLE Integer Overflow cinzinga CVE-2026-3537 Critical PowerVR Object Lifecycle Issue Zhihua Yao, KunLun Lab CVE-2026-3538 Critical Skia Integer Overflow Symeon Paraschoudis CVE-2026-3539 High DevTools Object Lifecycle Issue Zhenpeng (Leo) Lin, depthfirst CVE-2026-3540 High WebAudio Inappropriate Implementation Davi Antônio Cruz CVE-2026-3541 High CSS Inappropriate Implementation Syn4pse CVE-2026-3542 High WebAssembly Inappropriate Implementation qymag1c CVE-2026-3543 High V8 Inappropriate Implementation qymag1c CVE-2026-3544 High WebCodecs Heap Buffer Overflow c6eed09fc8b174b0f3eebedcceb1e792 CVE-2026-3545 High Navigation Insufficient Data Validation Google The breadth of affected components, spanning graphics rendering (ANGLE, Skia, PowerVR), JavaScript execution (V8), multimedia (WebAudio, WebCodecs), and web standards (CSS, WebAssembly), reflects the wide attack surface modern browsers expose, according to the Google advisory. Integer overflow and heap buffer overflow bugs, in particular, are frequently exploited to achieve remote code execution or sandbox escapes. Google uses several automated detection tools in its development pipeline, including AddressSanitizer, MemorySanitizer, libFuzzer, and AFL, which help catch memory safety issues before they reach the stable channel. Recommended actions: Update Chrome immediately by navigating to Settings → Help → About Google Chrome Enterprise admins should push the update via policy to all managed endpoints Monitor the Chrome Security Page for full CVE disclosures once the rollout is complete Report new issues directly via crbug.com Google has not disclosed any evidence of active exploitation for any of the ten vulnerabilities at this time, but the Critical ratings make prompt patching a priority for all Chrome users across platforms. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance Cyber Security News Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises Cyber Security News Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware Top 10 Essential E-Signature Solutions for Cybersecurity in 2026 January 31, 2026 Top 10 Best Data Removal Services In 2026 January 29, 2026 Best VPN Services of 2026: Fast, Secure & Affordable January 26, 2026 Top 10 Best Data Security Companies in 2026 January 23, 2026 Top 15 Best Ethical Hacking Tools – 2026 January 15, 2026
    💬 Team Notes
    Article Info
    Source
    CyberSecurityNews
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    Archived
    Mar 18, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗