Google: Google Rushes Emergency Chrome Update to Fix Three High-Severity Security Flaws

Google Releases Emergency Chrome Update to Patch Three High-Severity Vulnerabilities

Google has issued an urgent security update for its Chrome browser, addressing three high-severity vulnerabilities that could expose users to remote code execution, data leaks, and sandbox bypasses. The patch applies to Windows, Mac, and Linux systems, with updated versions now available: 145.0.7632.116/117 for Windows and Mac, and 144.0.7559.116 for Linux.

The vulnerabilities, all rated high severity, include:

  • CVE-2026-3061: An out-of-bounds read flaw in Chrome’s Media component, reported by Luke Francis, which could lead to memory corruption or sensitive data exposure.
  • CVE-2026-3062: A combined out-of-bounds read/write vulnerability in Chrome’s Tint shader engine, discovered by cinzinga, enabling attackers to execute arbitrary code.
  • CVE-2026-3063: An improper implementation in DevTools, reported by M. Fauzan Wijaya (Gh05t666nero), allowing potential sandbox escapes and session token theft.

Google has withheld technical details to prevent exploitation before most users apply the update, following responsible disclosure practices. The company credited independent researchers, highlighting the role of bug bounty programs in identifying critical flaws.

The update is rolling out gradually over the coming days and weeks; users are advised to restart Chrome or manually check for updates via chrome://settings/help. Enterprises can deploy the patch across fleets using Google Update policies.
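A fleet check for the patched builds named above, as an added example that is not from Google or the original article. The inventory rows and hostnames are constructed, and the "145.0.7632.116/117" pair is assumed to mean a floor of .116 on both Windows and Mac because the article does not map each build to an OS.

```python
# Added example: audit a constructed host inventory against the patched
# Chrome builds quoted in the article.

# Minimum patched build per platform, taken from the article text.
# Assumption: .116 is used as the floor for both Windows and Mac.
PATCHED = {
    "windows": (145, 0, 7632, 116),
    "mac": (145, 0, 7632, 116),
    "linux": (144, 0, 7559, 116),
}


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    floor = PATCHED.get(platform.strip().lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # unrecognised OS or unparseable version: review by hand
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "145.0.7632.99" above "145.0.7632.116".
    return "patched" if version >= floor else "vulnerable"


def audit(rows):
    """Map each hostname to its classification."""
    return {host: classify(platform, version) for host, platform, version in rows}


# Constructed inventory: (hostname, platform, reported Chrome version).
INVENTORY = [
    ("ws-001", "Windows", "145.0.7632.117"),
    ("ws-002", "Windows", "145.0.7632.99"),
    ("mb-003", "Mac", "144.0.7559.200"),
    ("lx-004", "Linux", "144.0.7559.116"),
    ("lx-005", "Linux", "144.0.7559.97"),
    ("kiosk-006", "ChromeOS", "145.0.7632.116"),
    ("ws-007", "Windows", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" are left for manual review rather than counted as patched.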

Given Chrome’s dominant market share, the fixes mitigate risks for billions of users, blocking potential attack chains from phishing to remote code execution. The incident underscores the ongoing threat landscape targeting widely used browsers.

Source: https://cyberpress.org/google-rushes-emergency-chrome-update/

Google Chrome cybersecurity rating report: https://www.rankiteo.com/company/google-chrome

"id": "GOO1771975200",
"linkid": "google-chrome",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Billions',
                        'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Google Chrome Users',
                        'size': 'Billions of users',
                        'type': 'Software Users'}],
 'attack_vector': 'Browser Exploitation',
 'customer_advisories': 'Users advised to update Chrome immediately to '
                        'mitigate risks.',
 'data_breach': {'personally_identifiable_information': 'Session tokens',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive data, session tokens'},
 'description': 'Google has issued an urgent security update for its Chrome '
                'browser, addressing three high-severity vulnerabilities that '
                'could expose users to remote code execution, data leaks, and '
                'sandbox bypasses. The patch applies to Windows, Mac, and '
                'Linux systems, with updated versions now available: '
                '145.0.7632.116/117 for Windows and Mac, and 144.0.7559.116 '
                'for Linux.',
 'impact': {'data_compromised': 'Sensitive data exposure, session token theft',
            'identity_theft_risk': 'Session token theft',
            'operational_impact': 'Potential remote code execution, sandbox '
                                  'bypasses',
            'systems_affected': 'Chrome browser on Windows, Mac, and Linux'},
 'investigation_status': 'Patch released, investigation ongoing for '
                         'exploitation attempts',
 'lessons_learned': 'Ongoing threat landscape targeting widely used browsers; '
                    'importance of bug bounty programs in identifying critical '
                    'flaws.',
 'post_incident_analysis': {'corrective_actions': 'Security patches applied to '
                                                  'address out-of-bounds '
                                                  'read/write flaws and '
                                                  'improper implementations.',
                            'root_causes': 'Software vulnerabilities in '
                                           "Chrome's Media component, Tint "
                                           'shader engine, and DevTools'},
 'recommendations': 'Users should restart Chrome or manually check for updates '
                    'via chrome://settings/help. Enterprises should deploy the '
                    'patch across fleets using Google Update policies.',
 'references': [{'source': 'Google Security Blog'}],
 'response': {'communication_strategy': 'Responsible disclosure with withheld '
                                        'technical details',
              'containment_measures': 'Security patch released',
              'remediation_measures': 'Manual update via '
                                      'chrome://settings/help or automatic '
                                      'update deployment'},
 'title': 'Google Releases Emergency Chrome Update to Patch Three '
          'High-Severity Vulnerabilities',
 'type': 'Vulnerability Patch',
 'vulnerability_exploited': ['CVE-2026-3061 (Out-of-bounds read in Media '
                             'component)',
                             'CVE-2026-3062 (Out-of-bounds read/write in Tint '
                             'shader engine)',
                             'CVE-2026-3063 (Improper implementation in '
                             'DevTools)']}