Google released Chrome 146 to patch eight high-severity memory-safety vulnerabilities, including heap buffer overflows, out-of-bounds reads, use-after-free bugs, and an integer overflow. Notable fixes include CVE-2026-4673 and CVE-2026-4677 in WebAudio (the former earned a $7,000 bounty), and users should update to Chrome 146.0.7680.164/165 immediately to reduce exposure to active exploits.
Key points
- Chrome 146 fixes eight high-severity memory safety vulnerabilities.
- CVE-2026-4673 is a WebAudio heap buffer overflow that earned a $7,000 bug bounty.
- Other fixes address CVE-2026-4677 in WebAudio, CVE-2026-4674 in CSS, CVE-2026-4675 in WebGL, use-after-free issues in Dawn, WebGPU and FedCM, and an integer overflow in Fonts.
- Security patches were released in Chrome 146.0.7680.164/165 for Windows and macOS, and 146.0.7680.164 for Linux.
- Users are urged to update immediately; the release follows emergency patches Google issued for two zero-days (CVE-2026-3909 and CVE-2026-3910) that may be targeted by commercial surveillance vendors.
Read More: https://www.securityweek.com/chrome-146-update-patches-high-severity-vulnerabilities/