Google releases critical security patch for Chrome: Here's what it does
Google has pushed a high-priority Chrome update fixing three serious security flaws, urging users on Windows, macOS and Linux to install the patch immediately
 "Google releases critical security patch for Chrome: Here's what it does")
Google has rolled out a critical security patch for its Chrome browser, upgrading Windows and macOS users to version 145.0.7632.116/117, while Linux users are receiving version 144.0.7559.116. The phased update, which will be available over the next few days and weeks, fixes three high-severity vulnerabilities that could pose serious security risks if not addressed.
Google classifies these Common Vulnerabilities and Exposures (CVEs) as high severity, indicating a strong potential for exploitation.
Notably, two of the vulnerabilities relate to out-of-bounds memory access — a type of flaw often leveraged in remote code execution or sandbox escape attacks when paired with other exploits. Users and organisations on Windows and macOS are advised to check their Chrome version and install the update as soon as it is released in their region.
Which issues have been fixed
According to a report by Cyber Security News, the first flaw — CVE-2026-3061 — is an out-of-bounds read bug in Chrome’s Media component. The issue was flagged by security researcher Luke Francis on February 9, 2026. Such vulnerabilities in media pipelines are particularly risky, as specially crafted media files or malicious web content could trigger them, raising the possibility of drive-by attacks through compromised websites.
The second vulnerability, CVE-2026-3062, impacts Tint, Chrome’s internal WebGPU shader compiler. Reported by researcher Cinzinga on February 11, 2026, it involves both out-of-bounds read and write conditions and is considered the most technically serious of the three. Out-of-bounds write flaws in graphics or shader processing can result in memory corruption, potentially allowing attackers to execute arbitrary code within the browser’s renderer. With WebGPU gaining traction, components such as Tint are becoming a larger attack surface.
The third issue, CVE-2026-3063, relates to an improper implementation within Chrome DevTools and was reported by M Fauzan Wijaya (Gh05t666nero) on February 17, 2026. Although such flaws are generally less critical than memory corruption bugs, weaknesses in developer tools can still open the door to cross-origin data exposure, privilege misuse or security boundary bypass in certain scenarios.
Notably, Google said that detailed bug reports will remain restricted until most users have installed the fix, a move aimed at reducing the risk of exploitation before patches are widely deployed.