Chrome Security Patch Fixes Vulnerabilities Enabling Code Execution
Google has issued Chrome 145 to the stable channel, a critical security update for Windows, Mac, and Linux users. The release addresses 11 security vulnerabilities. These flaws could enable attackers...
Google has issued Chrome 145 to the stable channel, a critical security update for Windows, Mac, and Linux users. The release addresses 11 security vulnerabilities. These flaws could enable attackers to execute malicious code on user systems.
The update, rolling out over the coming weeks, includes several high-severity fixes that warrant immediate attention.
The most severe flaw, CVE-2026-2313, is a use-after-free vulnerability in CSS that earned its discoverers an $8,000 bounty.
This high-severity bug could allow attackers to execute arbitrary code by exploiting a flaw in Chrome’s CSS handling.
Researchers from HexHive and the University of St. Andrews identified this critical issue in December 2025.
Two additional high-severity vulnerabilities were patched: CVE-2026-2314, a heap buffer overflow in Codecs, and CVE-2026-2315, an inappropriate implementation in WebGPU.
Google’s internal security team discovered both flaws, which could be exploited to execute code.
| CVE ID | Severity | Vulnerability Type | Component | Bounty |
|---|---|---|---|---|
| CVE-2026-2313 | High | Use after free | CSS | $8,000 |
| CVE-2026-2314 | High | Heap buffer overflow | Codecs | N/A |
| CVE-2026-2315 | High | Inappropriate implementation | WebGPU | N/A |
| CVE-2026-2316 | Medium | Insufficient policy enforcement | Frames | $5,000 |
| CVE-2026-2317 | Medium | Inappropriate implementation | Animation | $2,000 |
| CVE-2026-2318 | Medium | Inappropriate implementation | PictureInPicture | $1,000 |
| CVE-2026-2319 | Medium | Race condition | DevTools | $1,000 |
| CVE-2026-2320 | Medium | Inappropriate implementation | File input | TBD |
| CVE-2026-2321 | Medium | Use after free | Ozone | N/A |
| CVE-2026-2322 | Low | Inappropriate implementation | File input | $1,000 |
| CVE-2026-2323 | Low | Inappropriate implementation | Downloads | $500 |
The update addresses seven medium-severity vulnerabilities, including insufficient policy enforcement in frames and race conditions in DevTools.
Inappropriate implementations across components such as Animation, PictureInPicture, and File input. These issues could enable attackers to bypass security restrictions or manipulate browser behavior.
Two low-severity vulnerabilities in File input and Downloads were also patched, though they pose less immediate risk to users.
Google awarded bounties totaling over $18,500 to security researchers who responsibly disclosed these vulnerabilities.
The highest rewards went to academic researchers and independent security experts who identified critical flaws before they could be exploited in the wild.
Users should update Chrome immediately to version 145.0.7632.45 (Linux) or 145.0.7632.45/46 (Windows/Mac).
The browser typically updates automatically, but users can manually check for updates through Chrome’s settings menu under “About Chrome.”
Google continues to leverage advanced detection tools like AddressSanitizer, MemorySanitizer, and libFuzzer to identify vulnerabilities during development, preventing many security issues from reaching end users.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.