Chrome Security Update \u2013 Patch for 29 Vulnerabilities that Allow Remote Code Execution
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Google has officially released Chrome version 146 to the stable channel, delivering crucial security updates for Windows, Mac, and Linux users.<\/a><\/p>\n Rolling out over the coming days, Chrome 146.0.7680.71 for Linux and 146.0.7680.71\/72 for Windows and Mac addresses 29 security vulnerabilities.<\/p>\n Many of these flaws, if left unpatched, could allow remote attackers to execute arbitrary code, compromise system integrity, or trigger denial-of-service conditions.<\/p>\n The most severe vulnerability resolved in this release is CVE-2026-3913, a Critical-severity heap buffer overflow in the WebML component.<\/p>\n Discovered by security researcher Tobias Wienand, this memory corruption issue earned a $33,000 bug bounty. A heap buffer overflow <\/a>occurs when a program writes more data to a memory location than the allocated size allows.<\/p>\n Threat actors can exploit this weakness to overwrite adjacent memory structures, potentially leading to remote code execution (RCE) when a user simply visits a maliciously crafted web page.<\/p>\n In addition to the critical flaw, Google patched 11 High-severity vulnerabilities. The WebML API proved to be a frequent target in this update cycle, with two additional High-severity bugs (CVE-2026-3914 and CVE-2026-3915) earning $43,000 each in bounty payouts.<\/p>\n Other significant High-severity patches include out-of-bounds read<\/a> and use-after-free (UAF) vulnerabilities across various browser components.<\/p>\n UAF flaws occur when a program attempts to access memory that has been freed, a technique attackers frequently use to bypass browser security sandboxes.<\/a><\/p>\n Key High-severity fixes include:<\/p>\n The update also resolves multiple Medium and Low-severity issues. These range from incorrect security UI implementations in components like PictureInPicture to insufficient policy enforcement in PDF and DevTools.<\/p>\n Google paid out well over $150,000 in combined bug bounties to independent researchers for identifying these issues before they could be actively exploited.<\/p>\n To protect users, Google restricts access to specific bug details<\/a> and exploit links until a majority of the user base has updated their browsers.<\/p>\n This prevents threat actors from reverse-engineering the patches to target vulnerable individuals<\/a>. As attackers increasingly target web browsers, individuals and organizations must prioritize timely security updates to protect against sophisticated threats.<\/p>\n To ensure your browser is protected, open Google Chrome, navigate to the three-dot menu, select \u201cHelp,\u201d and click on \u201cAbout Google Chrome.\u201d<\/p>\n The browser will automatically check for the version 146 update and install it. A quick browser restart is required to apply the latest protections, reinforcing your defense-in-depth strategy <\/a>against emerging vulnerabilities.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Chrome Security Update \u2013 Patch for 29 Vulnerabilities that Allow Remote Code Execution<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nHigh-Severity Vulnerabilities Patched<\/strong><\/h2>\n
\n