Serious Discussion Google Chrome Stable Channel Updates

Google Chrome 146.0.7680.177/178 Stable Channel Update for Desktop
The Stable channel has been updated to 146.0.7680.177/178 for Windows/Mac and 146.0.7680.177 for Linux, which will roll out over the coming days/weeks.

This update includes 21 security fixes.
[TBD][493952652] High CVE-2026-5273: Use after free in CSS. Reported by Anonymous on 2026-03-18
[TBD][491732188] High CVE-2026-5272: Heap buffer overflow in GPU. Reported by inspector-ambitious on 2026-03-11
[TBD][488596746] High CVE-2026-5274: Integer overflow in Codecs. Reported by heapracer (@heapracer) on 2026-03-01
[TBD][489494022] High CVE-2026-5275: Heap buffer overflow in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04
[TBD][489711638] High CVE-2026-5276: Insufficient policy enforcement in WebUSB. Reported by Ariel Simon on 2026-03-04
[TBD][489791424] High CVE-2026-5277: Integer overflow in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-05
[TBD][490254128] High CVE-2026-5278: Use after free in Web MIDI. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-06
[TBD][490642836] High CVE-2026-5279: Object corruption in V8. Reported by Hyeonjun Ahn (@_deayzl) on 2026-03-08
[TBD][491515787] High CVE-2026-5280: Use after free in WebCodecs. Reported by heapracer (@heapracer) on 2026-03-11
[TBD][491518608] High CVE-2026-5281: Use after free in Dawn. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-10
[TBD][491655161] High CVE-2026-5282: Out of bounds read in WebCodecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-11
[TBD][492131521] High CVE-2026-5283: Inappropriate implementation in ANGLE. Reported by sweetchip on 2026-03-12
[TBD][492139412] High CVE-2026-5284: Use after free in Dawn. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-12
[TBD][492228019] High CVE-2026-5285: Use after free in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13
[TBD][493900619] High CVE-2026-5286: Use after free in Dawn. Reported by sweetchip on 2026-03-18
[TBD][494644471] High CVE-2026-5287: Use after free in PDF. Reported by Syn4pse on 2026-03-21
[NA][495507390] High CVE-2026-5288: Use after free in WebView. Reported by Google on 2026-03-23
[NA][495931147] High CVE-2026-5289: Use after free in Navigation. Reported by Google on 2026-03-25
[NA][496205576] High CVE-2026-5290: Use after free in Compositing. Reported by Google on 2026-03-25
[TBD][490118036] Medium CVE-2026-5291: Inappropriate implementation in WebGL. Reported by heapracer (@heapracer) on 2026-03-06
[NA][492213293] Medium CVE-2026-5292: Out of bounds read in WebCodecs. Reported by Google on 2026-03-12

Google is aware that an exploit for CVE-2026-5281 exists in the wild.

(EDIT: the security part of the release notes is posted.)
 
Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, marking the fourth such security flaw patched since the start of the year.

"Google is aware that an exploit for CVE-2026-5281 exists in the wild," Google said in a security advisory issued on Tuesday.

As detailed in the Chromium commit history, this vulnerability stems from a use-after-free weakness in Dawn, the underlying cross-platform implementation of the WebGPU standard used by the Chromium project.

Attackers can exploit this Dawn security flaw to trigger web browser crashes, data corruption, rendering issues, or other abnormal behavior.

While Google has found evidence that threat actors were exploiting this zero-day flaw in the wild, it did not share details about these incidents.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," the company noted.

Google has now fixed the zero-day for users in the Stable Desktop channel, with new versions rolling out to Windows, macOS (146.0.7680.177/178), and Linux users (146.0.7680.177). While Google says that this out-of-band update could take days or weeks to reach all users, it was immediately available when BleepingComputer checked for updates today.

 
Google Chrome Rolls Out Vertical Tabs and Full-Page Reading Mode to All Users
Google has begun a broad rollout of vertical tabs and an updated full-page Reading Mode in Chrome, making both features available without the need to enable experimental flags. The rollout is happening gradually and is tied to Chrome 146. Users who do not see either feature immediately may need to wait until the update reaches their installation.

Vertical tabs were previously limited to Chrome Beta following their announcement in January 2026. The Reading Mode update is being announced alongside the changes to the tab layout.
 
Google Chrome Rolls Out Vertical Tabs and Full-Page Reading Mode to All Users

Not here
 
Google Chrome 147.0.7727.101/102 Stable Channel Update for Desktop
The Stable channel has been updated to 147.0.7727.101/102 for Windows/Mac and 147.0.7727.101 for Linux, which will roll out over the coming days/weeks.

This update includes 31 security fixes.

[$90000][490170083] Critical CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga on 2026-03-05
[$10000][493628982] Critical CVE-2026-6297: Use after free in Proxy. Reported by heapracer on 2026-03-17
[TBD][495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-24
[N/A][497053588] Critical CVE-2026-6299: Use after free in Prerender. Reported by Google on 2026-03-28
[TBD][497724498] Critical CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-30
[TBD][490251701] High CVE-2026-6359: Use after free in Video. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-06
[TBD][491994185] High CVE-2026-6300: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-12
[TBD][495273999] High CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c on 2026-03-23
[TBD][495477995] High CVE-2026-6302: Use after free in Video. Reported by Syn4pse on 2026-03-24
[N/A][496282147] High CVE-2026-6303: Use after free in Codecs. Reported by Google on 2026-03-25
[N/A][496393742] High CVE-2026-6304: Use after free in Graphite. Reported by Google on 2026-03-26
[TBD][496618639] High CVE-2026-6305: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-26
[TBD][496907110] High CVE-2026-6306: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-27
[TBD][497404188] High CVE-2026-6307: Type Confusion in Turbofan. Reported by Project WhatForLunch (@pjwhatforlunch) on 2026-03-29
[N/A][497412658] High CVE-2026-6308: Out of bounds read in Media. Reported by Google on 2026-03-29
[N/A][497846428] High CVE-2026-6309: Use after free in Viz. Reported by Google on 2026-03-30
[TBD][497880137] High CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam on 2026-03-31
[N/A][497969820] High CVE-2026-6310: Use after free in Dawn. Reported by Google on 2026-03-31
[N/A][498201025] High CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google on 2026-03-31
[N/A][498269651] High CVE-2026-6312: Insufficient policy enforcement in Passwords. Reported by Google on 2026-03-31
[N/A][498765210] High CVE-2026-6313: Insufficient policy enforcement in CORS. Reported by Google on 2026-04-02
[N/A][498782145] High CVE-2026-6314: Out of bounds write in GPU. Reported by Google on 2026-04-02
[N/A][499247910] High CVE-2026-6315: Use after free in Permissions. Reported by Google on 2026-04-03
[N/A][499384399] High CVE-2026-6316: Use after free in Forms. Reported by Google on 2026-04-03
[N/A][500036290] High CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google on 2026-04-06
[TBD][500066234] High CVE-2026-6362: Use after free in Codecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-07
[N/A][500091052] High CVE-2026-6317: Use after free in Cast. Reported by Google on 2026-04-06
[N/A][495751197] Medium CVE-2026-6363: Type Confusion in V8. Reported by Google on 2026-03-24
[TBD][495996858] Medium CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse on 2026-03-25
[TBD][499018889] Medium CVE-2026-6319: Use after free in Payments. Reported by pwn2addr on 2026-04-02
[N/A][502103414] Medium CVE-2026-6364: Out of bounds read in Skia. Reported by Google Threat Intelligence on 2026-04-13
 
Google Chrome 147.0.7727.116/117 Stable Channel Update for Desktop
The Stable channel has been updated to 147.0.7727.116/117 for Windows/Mac and 147.0.7727.116 for Linux, which will roll out over the coming days/weeks.

This update includes 19 security fixes.

Below, we highlight fixes that were contributed by external researchers.
[TBD][493652473] High CVE-2026-6919: Use after free in DevTools. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18
[TBD][499891888] High CVE-2026-6920: Out of bounds read in GPU. Reported by tatiwari of Microsoft on 2026-04-06
[TBD][493315759] Medium CVE-2026-6921: Race in GPU. Reported by soiax on 2026-03-17
(EDIT: security fixes published)
 
Google Chrome 147.0.7727.137/138 Stable Channel Update for Desktop
This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7000][494352590] Critical CVE-2026-7363: Use after free in Canvas. Reported by heapracer on 2026-03-19
[N/A][493221953] Critical CVE-2026-7361: Use after free in iOS. Reported by Google on 2026-03-16
[N/A][503419515] Critical CVE-2026-7344: Use after free in Accessibility. Reported by Google on 2026-04-16
[N/A][503645680] Critical CVE-2026-7343: Use after free in Views. Reported by Google on 2026-04-17
[$16000][493955227] High CVE-2026-7333: Use after free in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-19
[N/A][495852034] High CVE-2026-7360: Insufficient validation of untrusted input in Compositing. Reported by Google on 2026-03-24
[N/A][496284494] High CVE-2026-7359: Use after free in ANGLE. Reported by Google on 2026-03-25
[N/A][496285281] High CVE-2026-7358: Use after free in Animation. Reported by Google on 2026-03-25
[TBD][496456528] High CVE-2026-7334: Use after free in Views. Reported by Batuhan Eşref KOÇ on 2026-03-26
[N/A][497047552] High CVE-2026-7357: Use after free in GPU. Reported by Google on 2026-03-27
[N/A][497769116] High CVE-2026-7356: Use after free in Navigation. Reported by Google on 2026-03-30
[N/A][498746519] High CVE-2026-7354: Out of bounds read and write in Angle. Reported by Google on 2026-04-01
[N/A][498809718] High CVE-2026-7353: Heap buffer overflow in Skia. Reported by Google on 2026-04-01
[N/A][499023054] High CVE-2026-7352: Use after free in Media. Reported by Google on 2026-04-02
[N/A][499119490] High CVE-2026-7351: Race in MHTML. Reported by Google on 2026-04-02
[N/A][500018484] High CVE-2026-7350: Use after free in WebMIDI. Reported by Google on 2026-04-06
[N/A][500034684] High CVE-2026-7349: Use after free in Cast. Reported by Google on 2026-04-06
[N/A][500104917] High CVE-2026-7348: Use after free in Codecs. Reported by Google on 2026-04-06
[TBD][500387779] High CVE-2026-7335: Use after free in media. Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po) on 2026-04-07
[TBD][500767595] High CVE-2026-7336: Use after free in WebRTC. Reported by Mozilla on 2026-04-09
[TBD][500880819] High CVE-2026-7337: Type Confusion in V8. Reported by q@calif.io on 2026-04-09
[N/A][501722605] High CVE-2026-7347: Use after free in Chromoting. Reported by Google on 2026-04-11
[N/A][502206907] High CVE-2026-7346: Inappropriate implementation in Tint. Reported by Google on 2026-04-13
[N/A][502248774] High CVE-2026-7345: Insufficient validation of untrusted input in Feedback. Reported by Google on 2026-04-13
[TBD][502449857] High CVE-2026-7338: Use after free in Cast. Reported by Krace on 2026-04-14
[N/A][503889643] High CVE-2026-7342: Use after free in WebView. Reported by Google on 2026-04-17
[N/A][504586599] High CVE-2026-7341: Use after free in WebRTC. Reported by Google on 2026-04-20
[$4000][493957495] Medium CVE-2026-7339: Heap buffer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-19
[$3000][497896137] Medium CVE-2026-7340: Integer overflow in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-30
[N/A][498285711] Medium CVE-2026-7355: Use after free in Media. Reported by Google on 2026-03-31
 
Google Chrome 148.0.7778.96/97 Stable Channel Update for Desktop
This update includes 127 security fixes.

[$43000][493747582] Critical CVE-2026-7896: Integer overflow in Blink. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18
[N/A][504069514] Critical CVE-2026-7897: Use after free in Mobile. Reported by Google on 2026-04-18
[N/A][504587882] Critical CVE-2026-7898: Use after free in Chromoting. Reported by Google on 2026-04-20
[$55000][505481948] High CVE-2026-7899: Out of bounds read and write in V8. Reported by Project WhatForLunch (@pjwhatforlunch) on 2026-04-23
[$16000][496503799] High CVE-2026-7900: Heap buffer overflow in ANGLE. Reported by Anonymous on 2026-03-26
[$16000][497724490] High CVE-2026-7901: Use after free in ANGLE. Reported by Syn4pse (@ret2happy) on 2026-03-30
[$8000][502030575] High CVE-2026-7902: Out of bounds memory access in V8. Reported by JunYoung Park(@candymate) of KAIST Hacking Lab on 2026-04-13
[TBD][491760376] High CVE-2026-7903: Integer overflow in ANGLE. Reported by heesun on 2026-03-11
[TBD][492350406] High CVE-2026-7904: Out of bounds read in Fonts. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13
[N/A][495259842] High CVE-2026-7905: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-23
[N/A][496284584] High CVE-2026-7906: Use after free in SVG. Reported by Google on 2026-03-25
[N/A][496292089] High CVE-2026-7907: Use after free in DOM. Reported by Google on 2026-03-25
[N/A][497436531] High CVE-2026-7908: Use after free in Fullscreen. Reported by Google on 2026-03-29
[N/A][497437113] High CVE-2026-7909: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-29
[N/A][497543810] High CVE-2026-7910: Use after free in Views. Reported by Google on 2026-03-29
[N/A][497548912] High CVE-2026-7911: Use after free in Aura. Reported by Google on 2026-03-29
[N/A][497639714] High CVE-2026-7912: Integer overflow in GPU. Reported by Google on 2026-03-30
[N/A][497936728] High CVE-2026-7913: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-30
[N/A][498401609] High CVE-2026-7914: Type Confusion in Accessibility. Reported by Google on 2026-04-01
[N/A][498454478] High CVE-2026-7915: Insufficient data validation in DevTools. Reported by Google on 2026-04-01
[N/A][498720754] High CVE-2026-7916: Insufficient data validation in InterestGroups. Reported by Google on 2026-04-01
[N/A][498752242] High CVE-2026-7917: Use after free in Fullscreen. Reported by Google on 2026-04-02
[N/A][498780188] High CVE-2026-7918: Use after free in GPU. Reported by Google on 2026-04-02
[N/A][498832921] High CVE-2026-7919: Use after free in Aura. Reported by Google on 2026-04-02
[N/A][498989348] High CVE-2026-7920: Use after free in Skia. Reported by Google on 2026-04-02
[N/A][499062376] High CVE-2026-7921: Use after free in Passwords. Reported by Google on 2026-04-02
[N/A][499449324] High CVE-2026-7922: Use after free in ServiceWorker. Reported by Google on 2026-04-04
[N/A][500080194] High CVE-2026-7923: Out of bounds write in Skia. Reported by Google on 2026-04-06
[N/A][500087204] High CVE-2026-7924: Uninitialized Use in Dawn. Reported by Google on 2026-04-06
[N/A][501833981] High CVE-2026-7925: Use after free in Chromoting. Reported by Google on 2026-04-12
[TBD][502249087] High CVE-2026-7926: Use after free in PresentationAPI. Reported by anonymous on 2026-04-14
[N/A][502830119] High CVE-2026-7927: Type Confusion in Runtime. Reported by Google on 2026-04-15
[N/A][504612429] High CVE-2026-7928: Use after free in WebRTC. Reported by Google on 2026-04-20
[N/A][504660052] High CVE-2026-7929: Use after free in MediaRecording. Reported by Google on 2026-04-20
[TBD][434825208] Medium CVE-2026-7930: Insufficient validation of untrusted input in Cookies. Reported by Satoki on 2025-07-29
[TBD][474338157] Medium CVE-2026-7931: Insufficient validation of untrusted input in iOS. Reported by Qadhafy Muhammad Tera on 2026-01-08
[TBD][481634116] Medium CVE-2026-7932: Insufficient policy enforcement in Downloads. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-04
[TBD][488585490] Medium CVE-2026-7933: Out of bounds read in WebCodecs. Reported by heapracer (@heapracer) on 2026-03-01
[N/A][489023922] Medium CVE-2026-7934: Insufficient validation of untrusted input in Popup Blocker. Reported by Google on 2026-03-02
[TBD][489624550] Medium CVE-2026-7935: Inappropriate implementation in Speech. Reported by Qadhafy Muhammad Tera on 2026-03-04
[TBD][490485402] Medium CVE-2026-7936: Object lifecycle issue in V8. Reported by Christian Holler on 2026-03-07
[TBD][491766258] Medium CVE-2026-7937: Insufficient policy enforcement in DevTools. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab on 2026-03-11
[TBD][492735384] Medium CVE-2026-7938: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-15
[TBD][492963096] Medium CVE-2026-7939: Inappropriate implementation in SanitizerAPI. Reported by s3zer0 on 2026-03-15
[TBD][493631402] Medium CVE-2026-7940: Use after free in V8. Reported by sakana on 2026-03-17
[TBD][493955234] Medium CVE-2026-7941: Insufficient validation of untrusted input in Mobile. Reported by Adithya Kotian on 2026-03-19
[N/A][495363705] Medium CVE-2026-7942: Integer overflow in ANGLE. Reported by Google on 2026-03-23
[TBD][495373657] Medium CVE-2026-7943: Insufficient validation of untrusted input in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-23
[N/A][495783187] Medium CVE-2026-7944: Insufficient validation of untrusted input in Persistent Cache. Reported by Google on 2026-03-24
[N/A][495802788] Medium CVE-2026-7945: Insufficient validation of untrusted input in COOP. Reported by Google on 2026-03-24
[N/A][496016840] Medium CVE-2026-7946: Insufficient policy enforcement in WebUI. Reported by Google on 2026-03-25
[N/A][496169594] Medium CVE-2026-7947: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-25
[N/A][496193452] Medium CVE-2026-7948: Race in Chromoting. Reported by Google on 2026-03-25
[N/A][496206134] Medium CVE-2026-7949: Out of bounds read in Skia. Reported by Google on 2026-03-25
[N/A][496259890] Medium CVE-2026-7950: Out of bounds read and write in GFX. Reported by Google on 2026-03-25
[TBD][496266456] Medium CVE-2026-7951: Out of bounds write in WebRTC. Reported by soft.connect.fr on 2026-03-26
[N/A][496279876] Medium CVE-2026-7952: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-25
[N/A][496379792] Medium CVE-2026-7953: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-03-26
[N/A][496380960] Medium CVE-2026-7954: Race in Shared Storage. Reported by Google on 2026-03-26
[N/A][496441232] Medium CVE-2026-7955: Uninitialized Use in GPU. Reported by Google on 2026-03-26
[N/A][496463315] Medium CVE-2026-7956: Use after free in Navigation. Reported by Google on 2026-03-26
[N/A][496607380] Medium CVE-2026-7957: Out of bounds write in Media. Reported by Google on 2026-03-26
[N/A][496632973] Medium CVE-2026-7958: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-26
[N/A][496645205] Medium CVE-2026-7959: Inappropriate implementation in Navigation. Reported by Google on 2026-03-26
[N/A][497007825] Medium CVE-2026-7960: Race in Speech. Reported by Google on 2026-03-27
[N/A][497008295] Medium CVE-2026-7961: Insufficient validation of untrusted input in Permissions. Reported by Google on 2026-03-27
[N/A][497081987] Medium CVE-2026-7962: Insufficient policy enforcement in DirectSockets. Reported by Google on 2026-03-28
[N/A][497250399] Medium CVE-2026-7963: Inappropriate implementation in ServiceWorker. Reported by Google on 2026-03-28
[N/A][497254383] Medium CVE-2026-7964: Insufficient validation of untrusted input in FileSystem. Reported by Google on 2026-03-28
[N/A][497255035] Medium CVE-2026-7965: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-28
[N/A][497341787] Medium CVE-2026-7966: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-03-29
[N/A][497365545] Medium CVE-2026-7967: Insufficient validation of untrusted input in Navigation. Reported by Google on 2026-03-29
[N/A][497432281] Medium CVE-2026-7968: Insufficient validation of untrusted input in CORS. Reported by Google on 2026-03-29
[N/A][497450574] Medium CVE-2026-7969: Integer overflow in Network. Reported by Google on 2026-03-29
[N/A][497487462] Medium CVE-2026-7970: Use after free in TopChrome. Reported by Google on 2026-03-29
[N/A][497529290] Medium CVE-2026-7971: Inappropriate implementation in ORB. Reported by Google on 2026-03-29
[N/A][497546281] Medium CVE-2026-7972: Uninitialized Use in GPU. Reported by Google on 2026-03-29
[N/A][497565944] Medium CVE-2026-7973: Integer overflow in Dawn. Reported by Google on 2026-03-29
[N/A][497649372] Medium CVE-2026-7974: Use after free in Blink. Reported by Google on 2026-03-30
[N/A][497735587] Medium CVE-2026-7975: Use after free in DevTools. Reported by Google on 2026-03-30
[N/A][497736679] Medium CVE-2026-7976: Use after free in Views. Reported by Google on 2026-03-30
[N/A][497821223] Medium CVE-2026-7977: Inappropriate implementation in Canvas. Reported by Google on 2026-03-30
[N/A][497828892] Medium CVE-2026-7978: Inappropriate implementation in Companion. Reported by Google on 2026-03-30
[N/A][497849876] Medium CVE-2026-7979: Inappropriate implementation in Media. Reported by Google on 2026-03-30
[N/A][497859275] Medium CVE-2026-7980: Use after free in WebAudio. Reported by Google on 2026-03-30
[N/A][497926602] Medium CVE-2026-7981: Out of bounds read in Codecs. Reported by Google on 2026-03-30
[N/A][497952533] Medium CVE-2026-7982: Uninitialized Use in WebCodecs. Reported by Google on 2026-03-30
[N/A][497975608] Medium CVE-2026-7983: Out of bounds read in Dawn. Reported by Google on 2026-03-31
[N/A][498277368] Medium CVE-2026-7984: Use after free in ReadingMode. Reported by Google on 2026-03-31
[N/A][498352423] Medium CVE-2026-7985: Use after free in GPU. Reported by Google on 2026-03-31
[N/A][498396238] Medium CVE-2026-7986: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-01
[N/A][498696266] Medium CVE-2026-7987: Use after free in WebRTC. Reported by Google on 2026-04-01
[N/A][498753456] Medium CVE-2026-7988: Type Confusion in WebRTC. Reported by Google on 2026-04-02
[N/A][498765082] Medium CVE-2026-7989: Insufficient data validation in DataTransfer. Reported by Google on 2026-04-02
[N/A][498892267] Medium CVE-2026-7990: Insufficient validation of untrusted input in Updater. Reported by Google on 2026-04-02
[N/A][499065126] Medium CVE-2026-7991: Use after free in UI. Reported by Google on 2026-04-02
[N/A][499067529] Medium CVE-2026-7992: Insufficient validation of untrusted input in UI. Reported by Google on 2026-04-02
[N/A][499099003] Medium CVE-2026-7993: Insufficient validation of untrusted input in Payments. Reported by Google on 2026-04-03
[N/A][499116954] Medium CVE-2026-7994: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-03
[N/A][501745798] Medium CVE-2026-7995: Out of bounds read in AdFilter. Reported by Google on 2026-04-11
[TBD][484547631] Low CVE-2026-7996: Insufficient validation of untrusted input in SSL. Reported by heesun on 2026-02-15
[TBD][487960705] Low CVE-2026-7997: Insufficient validation of untrusted input in Updater. Reported by ochkofficial on 2026-02-26
[TBD][491676472] Low CVE-2026-7998: Insufficient validation of untrusted input in Dialog. Reported by Tianyi Hu on 2026-03-11
[TBD][493099941] Low CVE-2026-7999: Inappropriate implementation in V8. Reported by Taisic Yun (@taisic) of Theori on 2026-03-16
[TBD][494464734] Low CVE-2026-8000: Insufficient validation of untrusted input in ChromeDriver. Reported by Ryan Jupp - HAAO on 2026-03-20
[TBD][494764371] Low CVE-2026-8001: Use after free in Printing. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-21
[N/A][495779613] Low CVE-2026-8002: Use after free in Audio. Reported by Google on 2026-03-24
[N/A][495985532] Low CVE-2026-8003: Insufficient validation of untrusted input in TabGroups. Reported by Google on 2026-03-25
[N/A][496189510] Low CVE-2026-8004: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-25
[N/A][496298665] Low CVE-2026-8005: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-25
[N/A][496373088] Low CVE-2026-8006: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-26
[N/A][496399759] Low CVE-2026-8007: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-26
[N/A][496426191] Low CVE-2026-8008: Inappropriate implementation in DevTools. Reported by Google on 2026-03-26
[N/A][496555077] Low CVE-2026-8009: Inappropriate implementation in Cast. Reported by Google on 2026-03-26
[N/A][496624084] Low CVE-2026-8010: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-03-26
[N/A][496626029] Low CVE-2026-8011: Insufficient policy enforcement in Search. Reported by Google on 2026-03-26
[N/A][496628298] Low CVE-2026-8012: Inappropriate implementation in MHTML. Reported by Google on 2026-03-26
[N/A][497427430] Low CVE-2026-8013: Insufficient validation of untrusted input in FedCM. Reported by Google on 2026-03-29
[N/A][497490364] Low CVE-2026-8014: Inappropriate implementation in Preload. Reported by Google on 2026-03-29
[N/A][497548558] Low CVE-2026-8015: Inappropriate implementation in Media. Reported by Google on 2026-03-29
[N/A][497695401] Low CVE-2026-8016: Use after free in WebRTC. Reported by Google on 2026-03-30
[N/A][497722578] Low CVE-2026-8017: Side-channel information leakage in Media. Reported by Google on 2026-03-30
[N/A][498292657] Low CVE-2026-8018: Insufficient policy enforcement in DevTools. Reported by Google on 2026-03-31
[N/A][498353173] Low CVE-2026-8019: Insufficient policy enforcement in WebApp. Reported by Google on 2026-03-31
[N/A][498382925] Low CVE-2026-8020: Uninitialized Use in GPU. Reported by Google on 2026-04-01
[N/A][498417031] Low CVE-2026-8021: Script injection in UI. Reported by Google on 2026-04-01
[N/A][499194407] Low CVE-2026-8022: Inappropriate implementation in MHTML. Reported by Google on 2026-04-03
 
Google Chrome 148.0.7778.167/168 Stable Channel Update for Desktop
Security Updates will be posted soon
 
Google Chrome 148.0.7778.167/168 Stable Channel Update for Desktop

The security updates are posted:
This update includes 79 security fixes. Below, we highlight fixes that were contributed by external researchers.

[$43000][493310462] Critical CVE-2026-8509: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17
[$25000][502636904] Critical CVE-2026-8510: Integer overflow in Skia. Reported by q@calif.io on 2026-04-14
[N/A][495108488] Critical CVE-2026-8511: Use after free in UI. Reported by Google on 2026-03-22
[N/A][495782021] Critical CVE-2026-8512: Use after free in FileSystem. Reported by Google on 2026-03-24
[N/A][495939973] Critical CVE-2026-8513: Use after free in Input. Reported by Google on 2026-03-25
[N/A][495948109] Critical CVE-2026-8514: Use after free in Aura. Reported by Google on 2026-03-25
[N/A][495999127] Critical CVE-2026-8515: Use after free in HID. Reported by Google on 2026-03-25
[N/A][496393078] Critical CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer. Reported by Google on 2026-03-26
[N/A][497531263] Critical CVE-2026-8517: Object lifecycle issue in WebShare. Reported by Google on 2026-03-29
[N/A][497830330] Critical CVE-2026-8518: Use after free in Blink. Reported by Google on 2026-03-30
[N/A][498400132] Critical CVE-2026-8519: Integer overflow in ANGLE. Reported by Google on 2026-04-01
[N/A][503619813] Critical CVE-2026-8520: Race in Payments. Reported by Google on 2026-04-17
[N/A][504106200] Critical CVE-2026-8521: Use after free in Tab Groups. Reported by Google on 2026-04-18
[N/A][504185107] Critical CVE-2026-8522: Use after free in Downloads. Reported by Google on 2026-04-19
[$25000][483956252] High CVE-2026-8523: Use after free in Mojo. Reported by Paul Seekamp / nullenc0de on 2026-02-12
[$10000][503425922] High CVE-2026-8558: Out of bounds write in Fonts. Reported by Matej Smycka on 2026-04-16
[$7000][499565267] High CVE-2026-8524: Out of bounds write in WebAudio. Reported by Brendan Dolan-Gavitt, XBOW on 2026-04-06
[$2000][497928952] High CVE-2026-8525: Heap buffer overflow in ANGLE. Reported by Nathaniel Oh (@calysteon) on 2026-03-30
[TBD][486536241] High CVE-2026-8526: Out of bounds write in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22
[TBD][486761172] High CVE-2026-8527: Insufficient validation of untrusted input in Downloads. Reported by rachmat.abdul.ro on 2026-02-23
[N/A][487795397] High CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-02-26
[N/A][490222151] High CVE-2026-8529: Heap buffer overflow in Codecs. Reported by Google on 2026-03-06
[N/A][491930142] High CVE-2026-8530: Use after free in Network. Reported by Google on 2026-03-11
[TBD][492350403] High CVE-2026-8531: Heap buffer overflow in WebML. Reported by Syn4pse on 2026-03-13
[N/A][492812194] High CVE-2026-8532: Integer overflow in XML. Reported by Google on 2026-03-14
[N/A][495247950] High CVE-2026-8533: Use after free in Accessibility. Reported by Google on 2026-03-23
[N/A][495314407] High CVE-2026-8534: Integer overflow in GPU. Reported by Google on 2026-03-23
[N/A][495530312] High CVE-2026-8535: Out of bounds read in Media. Reported by Google on 2026-03-23
[N/A][495857582] High CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode. Reported by Google on 2026-03-24
[N/A][495890000] High CVE-2026-8537: Insufficient policy enforcement in ViewTransitions. Reported by Google on 2026-03-24
[N/A][496415073] High CVE-2026-8538: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-26
[TBD][496524586] High CVE-2026-8539: Script injection in SanitizerAPI. Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po) on 2026-03-26
[TBD][496627235] High CVE-2026-8540: Type Confusion in V8. Reported by Google on 2026-03-26
[N/A][496645393] High CVE-2026-8541: Out of bounds read in UI. Reported by Google on 2026-03-26
[N/A][497066659] High CVE-2026-8542: Use after free in Core. Reported by Google on 2026-03-28
[N/A][497095799] High CVE-2026-8543: Out of bounds read in FileSystem. Reported by Google on 2026-03-28
[N/A][497151750] High CVE-2026-8544: Use after free in Media. Reported by Google on 2026-03-28
[N/A][497486030] High CVE-2026-8545: Object corruption in Compositing. Reported by Google on 2026-03-29
[N/A][497531791] High CVE-2026-8546: Out of bounds read in GPU. Reported by Google on 2026-03-29
[N/A][497632199] High CVE-2026-8547: Insufficient policy enforcement in Passwords. Reported by Google on 2026-03-30
[N/A][497821764] High CVE-2026-8548: Out of bounds write in Media. Reported by Google on 2026-03-30
[N/A][497985088] High CVE-2026-8549: Use after free in Media. Reported by Google on 2026-03-31
[N/A][498322453] High CVE-2026-8550: Use after free in Google Lens. Reported by Google on 2026-03-31
[N/A][498376171] High CVE-2026-8551: Use after free in Downloads. Reported by Google on 2026-04-01
[N/A][498706958] High CVE-2026-8552: Heap buffer overflow in GPU. Reported by Google on 2026-04-01
[N/A][498715368] High CVE-2026-8553: Use after free in GPU. Reported by Google on 2026-04-01
[N/A][499131214] High CVE-2026-8554: Type Confusion in ANGLE. Reported by Google on 2026-04-03
[N/A][500033878] High CVE-2026-8555: Use after free in GTK. Reported by Google on 2026-04-06
[N/A][500052361] High CVE-2026-8556: Inappropriate implementation in ANGLE. Reported by Google on 2026-04-06
[N/A][502978647] High CVE-2026-8557: Use after free in Accessibility. Reported by Google on 2026-04-15
[N/A][504629701] High CVE-2026-8559: Integer overflow in Internationalization. Reported by Google on 2026-04-20
[TBD][328109821] Medium CVE-2026-8560: Heap buffer overflow in SwiftShader. Reported by Cassidy Kim (@cassidy6564) on 2024-03-05
[TBD][343352552] Medium CVE-2026-8561: Incorrect security UI in Fullscreen. Reported by Wolfgang Ettlinger (aff. Certitude Consulting GmbH) Alexander Hurbean (aff. Certitude Consulting GmbH) on 2024-05-29
[N/A][40057534] Medium CVE-2026-8562: Side-channel information leakage in Navigation. Reported by Google on 2021-10-06
[TBD][40061220] Medium CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox. Reported by Luan Herrera (@lbherrera_) on 2022-10-04
[TBD][418273622] Medium CVE-2026-8564: Incorrect security UI in Downloads. Reported by Alesandro Ortiz on 2025-05-16
[TBD][442860473] Medium CVE-2026-8565: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-09-04
[TBD][470646792] Medium CVE-2026-8566: Insufficient policy enforcement in Payments. Reported by Jorian Woltjer on 2025-12-21
[TBD][484986863] Medium CVE-2026-8567: Integer overflow in ANGLE. Reported by cinzinga on 2026-02-16
[TBD][488728570] Medium CVE-2026-8568: Insufficient policy enforcement in AI. Reported by Tianyi Hu on 2026-03-01
[N/A][490229299] Medium CVE-2026-8569: Out of bounds write in Codecs. Reported by Google on 2026-03-06
[N/A][490353576] Medium CVE-2026-8570: Type Confusion in V8. Reported by Google on 2026-03-06
[TBD][491422244] Medium CVE-2026-8571: Insufficient policy enforcement in GPU. Reported by Mark Blaszczyk on 2026-03-10
[N/A][495405493] Medium CVE-2026-8572: Insufficient policy enforcement in Network. Reported by Google on 2026-03-23
[N/A][495417883] Medium CVE-2026-8573: Integer overflow in Codecs. Reported by Google on 2026-03-23
[N/A][495902113] Medium CVE-2026-8574: Use after free in Core. Reported by Google on 2026-03-24
[N/A][496217775] Medium CVE-2026-8575: Use after free in UI. Reported by Google on 2026-03-25
[N/A][496231853] Medium CVE-2026-8576: Inappropriate implementation in CORS. Reported by Google on 2026-03-25
[N/A][496302307] Medium CVE-2026-8577: Integer overflow in Fonts. Reported by Google on 2026-03-25
[N/A][496395450] Medium CVE-2026-8578: Out of bounds read in GPU. Reported by Google on 2026-03-26
[N/A][496526419] Medium CVE-2026-8579: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-03-26
[N/A][496639647] Medium CVE-2026-8580: Use after free in Mojo. Reported by Google on 2026-03-26
[N/A][497292072] Medium CVE-2026-8581: Use after free in GPU. Reported by Google on 2026-03-28
[N/A][497594413] Medium CVE-2026-8582: Object lifecycle issue in Dawn. Reported by Google on 2026-03-30
[N/A][497975477] Medium CVE-2026-8583: Insufficient policy enforcement in WebXR. Reported by Google on 2026-03-31
[N/A][498892595] Medium CVE-2026-8584: Inappropriate implementation in Views. Reported by Google on 2026-04-02
[N/A][499052720] Medium CVE-2026-8585: Inappropriate implementation in Media. Reported by Google on 2026-04-02
[N/A][499154022] Medium CVE-2026-8586: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-03
[TBD][507356235] Medium CVE-2026-8587: Use after free in Extensions. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2026-04-28
 
Google Chrome 148.0.7778.178/179 Stable Channel Update for Desktop
This update includes 16 security fixes. Below, we highlight fixes that were contributed by external researchers.

[N/A][504551032] Critical CVE-2026-9111: Use after free in WebRTC. Reported by Google on 2026-04-20
[N/A][503551154] Critical CVE-2026-9110: Inappropriate implementation in UI. Reported by Google on 2026-04-20
[$11000][489791425] High CVE-2026-9112: Use after free in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-05
[$3000][489585044] High CVE-2026-9113: Out of bounds read in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04
[N/A][495798630] High CVE-2026-9114: Use after free in QUIC. Reported by Google on 2026-03-24
[N/A][495999481] High CVE-2026-9115: Insufficient policy enforcement in Service Worker. Reported by Google on 2026-03-25
[N/A][497436273] High CVE-2026-9116: Insufficient policy enforcement in ServiceWorker. Reported by Google on 2026-03-29
[N/A][497542537] High CVE-2026-9117: Type Confusion in GFX. Reported by Google on 2026-04-01
[N/A][498702233] High CVE-2026-9118: Use after free in XR. Reported by Google on 2026-04-14
[N/A][502661101] High CVE-2026-9119: Heap buffer overflow in WebRTC. Reported by Google on 2026-04-17
[N/A][504620824] High CVE-2026-9120: Use after free in WebRTC. Reported by Google on 2026-04-20
[N/A][496280532] Medium CVE-2026-9126: Use after free in DOM. Reported by Google on 2026-03-25
[TBD][488064108] Medium CVE-2026-9121: Out of bounds read in GPU. Reported by David Korczynski (Adalogics) on 2026-02-26
[TBD][489579953] Medium CVE-2026-9122: Out of bounds read in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04
[N/A][495988507] Medium CVE-2026-9123: Heap buffer overflow in Chromecast. Reported by Google on 2026-03-25
[N/A][496375695] Medium CVE-2026-9124: Insufficient validation of untrusted input in Input. Reported by Google on 2026-03-29
 
The Chromium team announced that, starting with Chrome 150, the flag that allowed installation of MV2 extensions from the Chrome Web Store is going away and installation won't be possible anymore. MV2 code still exists, but it's being stripped piece by piece in each version.

 

Someone on Reddit stated that he/she managed to install uBO after having difficulty installing it in Chrome 150, but did not explain how.