Chrome 122.0.6261.111 Fixes 8 Vulnerabilities, Including RCE
Key Takeaways
- Google has released an urgent security update for its Chrome browser, addressing eight high-severity vulnerabilities.
- These flaws, including multiple Use-After-Free and heap buffer overflow issues, could enable remote code execution (RCE).
- The update affects Chrome users on Windows, macOS, and Linux, with new versions 146.0.7680.164/.165 for Windows/macOS and 146.0.7680.164 for Linux.
- Immediate patching is critical to mitigate the risk of attackers exploiting these memory corruption vulnerabilities.
Google has rolled out a critical security update for its Chrome web browser, patching eight high-severity vulnerabilities that could allow attackers to execute arbitrary code remotely. This urgent release underscores the continuous threats faced by internet users and the proactive measures browser developers take to safeguard their platforms.
The patches are now being distributed across the stable channel. Windows and macOS users will see their browsers update to version 146.0.7680.164 or 146.0.7680.165, while Linux users will receive version 146.0.7680.164. Google anticipates these essential updates will propagate to all users over the coming days and weeks, reinforcing the need for prompt action from individuals and organizations.
Chrome Security Update Details
The latest Chrome update addresses a range of dangerous memory management and processing errors embedded within the browser’s core architecture. These types of flaws are frequently targeted by malicious actors due to their potential for severe exploitation.
Critical Vulnerability Types Addressed
Among the most concerning issues resolved are several “Use-After-Free” vulnerabilities found in critical components such as Dawn, WebGPU, and FedCM. These particular flaws arise when a program attempts to access memory that has already been deallocated, creating a window for attackers to inject and execute malicious code. Successful exploitation of such vulnerabilities can lead to system instability and, more critically, remote code execution.
Additionally, Google has fixed heap buffer overflows within WebAudio and WebGL, out-of-bounds read errors in CSS, and an integer overflow affecting the Fonts component. When exploited, especially in combination, these memory corruption vulnerabilities can enable cybercriminals to bypass the browser’s security sandbox, potentially leading to a full compromise of the underlying host machine.
Google’s development teams leverage sophisticated testing tools like AddressSanitizer, MemorySanitizer, and libFuzzer to proactively identify complex security bugs before they can impact the stable user base, as detailed on the official Chrome Releases blog.
Identified High-Severity Vulnerabilities
The update specifically addresses the following eight high-severity vulnerabilities:
- CVE-2026-4673: Heap buffer overflow in WebAudio
- CVE-2026-4674: Out of bounds read in CSS
- CVE-2026-4675: Heap buffer overflow in WebGL
- CVE-2026-4676: Use after free in Dawn
- CVE-2026-4677: Out of bounds read in WebAudio
- CVE-2026-4678: Use after free in WebGPU
- CVE-2026-4679: Integer overflow in Fonts
- CVE-2026-4680: Use after free in FedCM
In line with industry best practices, Google has elected to withhold specific technical details and exploit links for these vulnerabilities. This measure is designed to give the majority of users ample time to apply the security update before threat actors can reverse-engineer the patches and develop widespread exploits. Similar restrictions are maintained when vulnerabilities exist in third-party libraries that other software projects depend on.
Google also continues to recognize and reward security researchers for their responsible disclosure efforts. A confirmed bounty of $7,000 has already been paid for the WebAudio vulnerability, with additional reward amounts for other discoveries still pending determination.
What You Should Do
- Update Immediately: All Google Chrome users should update their browsers without delay to the latest stable version (146.0.7680.164/.165 for Windows/macOS, 146.0.7680.164 for Linux).
- Manual Update Check: To ensure your browser is protected, navigate to the Chrome menu (three dots in the top right), select “Help,” and then click “About Google Chrome.” This action will prompt the browser to check for and automatically install the latest security patch.
- Enterprise Deployment: System administrators in enterprise environments must prioritize pushing this update through their patch management systems to secure all network endpoints efficiently.
- Stay Informed: Regularly check for browser updates and security advisories to maintain a strong security posture against emerging threats.