Google has rolled out the stable iteration of Chrome, version 145, patching a total of 11 security flaws. This update addressed three vulnerabilities rated as high risk. The most critical among these was designated CVE-2026-2313, a use-after-free bug discovered within the CSS component. For reporting this issue, a security researcher was awarded \$8,000 through the bug bounty program. Two other significant vulnerabilities, namely CVE-2026-2314 and CVE-2026-2315, involved a buffer overflow within the Codecs component and improper implementation concerning WebGPU, respectively. These two spots were identified by Google’s internal teams. Among the medium-severity defects, CVE-2026-2316 stood out due to insufficient security policy validation in the Frames module, for which a \$5,000 reward was issued. Additionally, a flaw in the Animation module (CVE-2026-2317) was fixed, netting the finder \$2,000. Further patches addressed defects related to Picture-in-Picture and File Input (both involving incorrect implementation), a race condition in DevTools, and another instance of use-after-free in Ozone. Two low-severity vulnerabilities affected File Input and the download mechanism. In total, Google distributed over \$18,000 in bounties to external researchers. The browser update is currently being deployed as version 145.0.7632.45 for Linux users, and 145.0.7632.45/46 for those on Windows and macOS. The company has made no official statements regarding any exploitation of these fixed vulnerabilities in the wild. Despite this, users are strongly advised to proceed with the update at their earliest convenience.
About the Author
