With the new Chrome versions—146.0.7680.153/154 for Windows and macOS and 146.0.7680.153 for Linux—the developers have fixed 26 security vulnerabilities. According to Google, none of these vulnerabilities have been exploited in the wild yet. The next release for Chrome 147 is scheduled for early April.
In the Chrome Releases blog post, Srinivas Sista lists the 26 security vulnerabilities that have been fixed. They were predominantly discovered by external security researchers and reported to Google. Unlike last year, internally discovered security vulnerabilities are now also being documented in these blog posts. However, this one was published a day after the updates were released.
Three of the vulnerabilities are classified as critical, with the rest (except for one) classified as high risk. Two out-of-bounds memory accesses in the WebGL component (CVE-2026-4439 and CVE-2026-4440) and a use-after-free vulnerability in Base (CVE-2026-4441) are considered critical. Among the high risk vulnerabilities, a few buffer overflows and use-after-free issues were fixed. There was also a type confusion in the V8 JavaScript engine (CVE-2026-4457).
At the end of last week, Google released emergency updates to patch two zero-day vulnerabilities, causing quite a bit of chaos in the process.
As a rule, Chrome updates automatically when new versions are available. You can manually trigger the update check via the menu item Help > About Google Chrome.
Google has also released Chrome for Android 146.0.76380.153 and Chrome for iOS 146.0.7680.151. The Android version addresses the same vulnerabilities as the desktop versions. The Extended Stable Channel for Windows and macOS now includes Chromium version 146.0.7680.154.
Tip: Whether you keep your browser up to date, you need proper antivirus protections if you want your PC to remain secure and private. Check out our picks for the best antivirus software for Windows as well as best VPN services to stay ahead of security problems.
