Chrome Update 146 Addresses Critical Vulnerability and 28 Other High-Risk Vulnerabilities

Google has released version 146 of Chrome to the stable channel for Windows, Mac, and Linux. The update fixes 29 security vulnerabilities. One of them received a critical rating and could allow remote code execution through manipulated web pages. The company promoted version 146.0.7680.71 for Linux and 146.0.7680.71/72 for Windows and Mac. The release took place on March 10, 2026, and the rollout continues progressively for users.

The most serious flaw, identified as CVE-2026-3913, involves a heap buffer overflow in the WebML component. This module supports high-performance machine learning inference directly in the browser. Attacks exploit specially crafted HTML pages to corrupt heap memory and potentially execute arbitrary code. Researcher Tobias Wienand reported the vulnerability and received a $33,000 bounty through the Google bug bounty program. There are currently no reports of active exploitation of this flaw in real attacks.

Details of critical and high vulnerabilities

The update addresses a number of memory corruption issues. Many of the flaws allow remote attackers to compromise the browser via malicious web content.

Eleven vulnerabilities received a high rating. Among them are CVE-2026-3914, an integer overflow in WebML reported by cizinga, and CVE-2026-3915, another heap buffer overflow in the same component, also discovered by Tobias Wienand. CVE-2026-3916 refers to an out-of-bounds read in Web Speech.

Other high-severity flaws include use-after-free bugs in components such as Agents, WebMCP, Extensions, TextEncoding, MediaStream, WebMIDI, and WindowDialog. These vulnerabilities increase the risk of code execution or improper access to sensitive data when the user interacts with compromised pages.

Impact on specific browser components

Several fixes focus on WebML due to its relevance to on-device AI capabilities. The component processes machine learning tasks directly on the user's hardware. Flaws in this module pose a significant threat because they can be triggered through web content rendering.

Other affected modules include Web Speech for speech recognition, V8 for JavaScript execution, and Picture-in-Picture for video playback. Incorrect security UI issues appear in LookalikeChecks, PictureInPicture, and WebAppInstalls. Insufficient policy enforcement occurs in Extensions, PDF, ChromeDriver, Downloads, Clipboard, and Developer Tools.

How to update Google Chrome immediately

Users should check the current version by visiting chrome://settings/help. The browser updates automatically in most cases. If the update does not occur, click "Update Google Chrome" and restart the browser to apply the fixes.

Chrome for desktop supports Windows 10 and 11, as well as Mac and Linux. The version is available for free download on the official Google website. Updating as quickly as possible is recommended to mitigate the risk of exploitation by malicious pages.
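For administrators checking many machines rather than one, the version check above can be automated. The following is an added example, not part of the original article or any Google tooling: it compares collected version strings against the fixed build 146.0.7680.71 named above. The host names and inventory lines are constructed, and how the strings are collected (for example from `google-chrome --version` output) is an assumption.

```python
import re

# Fixed build named in the article (Linux: .71; Windows/Mac: .71/.72).
FIXED_BUILD = (146, 0, 7680, 71)

# Chrome versions have four numeric parts: major.minor.build.patch
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None if absent."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one collected string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # treat as needing manual follow-up, not as safe
    # Tuple comparison is numeric per field, so .9 sorts below .71
    # (a plain string comparison would get this wrong).
    return "patched" if version >= FIXED_BUILD else "vulnerable"


def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hosts and collected strings).
SAMPLE_INVENTORY = {
    "linux-ws-01": "Google Chrome 146.0.7680.71 ",
    "win-lt-07": "146.0.7680.72",
    "mac-lt-03": "Google Chrome 145.0.7632.160",  # constructed older version
    "linux-ws-02": "Google Chrome 146.0.7680.9",  # constructed pre-fix patch level
    "kiosk-11": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

Hosts reported as `unknown` still need a manual check, since a missing version string says nothing about whether the fix is installed.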

Security recommendations for users

Keep your browser always updated to receive security patches. Avoid accessing suspicious links or untrustworthy websites. Enable advanced protection features in Chrome when available.

Google continues to monitor reports of exploitation. The company encourages researchers to report bugs through the rewards program. Regular updates strengthen protection against emerging threats in the web environment.

Other fixes included in the release

The release also fixes medium and low severity vulnerabilities. Issues include side-channel information leakage in ResourceTiming, insecure browsing in Navigation, and a buffer overflow in Skia. Fixes in PDF and extensions improve security policy enforcement.

These updates contribute to greater stability and overall browser protection. Google prioritizes quickly fixing bugs that affect billions of users around the world.