What is CVE-2026-3062?

It is an out-of-bounds read and write flaw in the Tint engine that allows attackers to corrupt memory and run arbitrary commands.

How does CVE-2026-3061 affect security?

This flaw in the Media component lets attackers read sensitive data from the browser's memory that should be protected.

What is the risk of the DevTools flaw (CVE-2026-3063)?

It allows malicious websites to break out of the browser's security sandbox to steal data or access the system.

Which Chrome versions are safe?

Version 145.0.7632.116/117 for Windows and Mac, and 144.0.7559.116 for Linux.

How do I install the update?

Go to chrome://settings/help in your browser and restart it once the update downloads.

Advisory

Google Issues Chrome Update for High-Severity Vulnerabilities

published: Feb. 24, 2026

Take action: If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) patch your browser ASAP. Even if the flaws are not critical, you shouldn't wait for them to become actively exploited. Update now, it's trivial and all your tabs reopen after the update.

Learn More

Google released a security update for Chrome and Chromium based browsers to patch to fix three high-severity vulnerabilities.

Vulnerabilities summary:

CVE-2026-3061 (CVSS score not assigned, Google severity High) - An out-of-bounds read in the Media component that occurs when the software reads data past the end of a buffer. Attackers can use this to leak sensitive information from the browser's memory to a malicious site. This bypasses memory protections to expose data that should stay private.
CVE-2026-3062 (CVSS score not assigned, Google severity High) - An out-of-bounds read and write flaw in Tint, Chrome's shader translation engine. By reading and writing outside of memory limits, attackers can corrupt the browser's memory and overwrite instructions. This allows them to run arbitrary commands and take control of the system.
CVE-2026-3063 (CVSS score not assigned, Google severity High) - An inappropriate implementation in the DevTools debugging suite that allows sites to bypass the security sandbox. Attackers can use this logic error to steal session tokens or tamper with developer tools. This defeats the primary security boundary that keeps web content isolated from the operating system.

Google has patched the flaws in version 145.0.7632.116/117 for Windows/Mac and 144.0.7559.116 for Linux. Google is rolling out these updates gradually over the next few days and weeks.

Google does not provide detailed bug information until the majority of users have installed the security patches.

Users should update their Chrome and Chromium-based browsers including Microsoft Edge, Brave, Opera, and Vivaldi browsers as soon as possible. Chrome typically updates automatically in the background, users can manually verify their browser version by going to the Chrome three-dot menu, selecting Help and then "About Google Chrome".

Relaunch will close and reopen your browser, bringing back all your tabs and windows exactly where you left off once it restarts.

Google Issues Chrome Update for High-Severity Vulnerabilities

Read More
Not surprisingly, WinRAR vulnerability is actively exploited
Critical flaw reported in Linksys EA7500 routers
Google releases emergency Chrome update to patch actively …
Opera Browser fixes flaw dubbed "Cross Barking" allowing …
ESET researchers warn of active chained exploits of …