Google Issues Emergency Chrome Update to Patch 10 Security Vulnerabilities

Google released an urgent security update for Chrome on March 3, 2026, pushing version 145.0.7632.159/160 for Windows and macOS, and version 145.0.7632.159 for Linux to the stable channel. 

Vulnerabilities summary

Critical vulnerabilities 

• CVE-2026-3536 (CVSS score 9.8+) Integer overflow in ANGLE, the graphics engine abstraction layer, which could trigger heap corruption during graphics rendering
• CVE-2026-3537 (CVSS score 9.8+)  Object lifecycle issue in PowerVR, creating a risk of use-after-free attacks
• CVE-2026-3538 (CVSS score 9.8+)  Integer overflow in the Skia graphics library, also capable of inducing heap corruption during rendering operations

The seven high-severity vulnerabilities include:

• CVE-2026-3539 (CVSS score TBD)  Object lifecycle issue in DevTools
• CVE-2026-3540 (CVSS score TBD)  Inappropriate implementation in WebAudio
• CVE-2026-3541 (CVSS score TBD)  Inappropriate implementation in CSS
• CVE-2026-3542 (CVSS score TBD)  Inappropriate implementation in WebAssembly
• CVE-2026-3543 (CVSS score TBD)  Inappropriate implementation in V8
• CVE-2026-3544 (CVSS score TBD)  Heap buffer overflow in WebCodecs, which could facilitate drive-by download attacks
• CVE-2026-3545 (CVSS score TBD)  Insufficient data validation in Navigation

Google reports that they haven't detected active exploitation of these vulnerabilities. Full technical details of the flaws are being withheld until the majority of the user base has received the update.

Users are strongly advised to update Chrome immediately by navigating to Chrome menu > Help > About Google Chrome and relaunching the browser once the update is downloaded. Enterprise administrators should enforce the update through group policies or mobile device management tools such as Microsoft Intune, with particular urgency for endpoints that regularly interact with untrusted or external web content.