Chrome 145 Patches 11 Vulnerabilities

Three of the security defects are high-severity flaws, two of which were found and reported by Google.

Google on Tuesday announced the release of Chrome 145 to the stable channel with fixes for 11 vulnerabilities, including three high-severity bugs.

First in line is CVE-2026-2313, a high-severity use-after-free issue in CSS that earned the reporting researchers an $8,000 bug bounty reward.

The two other high-severity defects, tracked as CVE-2026-2314 and CVE-2026-2315, were found and reported by Google and are described as a heap buffer overflow in Codecs and an inappropriate implementation in WebGPU, respectively.

Based on the paid bug bounty, the most serious of the medium-severity vulnerabilities patched in Chrome 145 is CVE-2026-2316, an insufficient policy enforcement issue in Frames that earned the reporting researcher $5,000.

Next in line is CVE-2026-2317, an inappropriate implementation in Animation for which Google paid a $2,000 reward.

The fresh browser update also resolves two medium-severity inappropriate implementation flaws in PictureInPicture and File input. Google says it paid $1,000 for the first, but has yet to disclose the amount for the second.

The remaining two medium-severity issues are a race condition in DevTools and a use-after-free defect in Ozone.

Two low-severity inappropriate implementation bugs impacting File Input and Downloads were also addressed.

Overall, Google handed out over $18,000 in bug bounty rewards to the reporting researchers.

The latest Chrome iteration is now rolling out as version 145.0.7632.45 for Linux and as versions 145.0.7632.45/46 for Windows and macOS.

Google makes no mention of any of the addressed vulnerabilities being exploited in the wild. Users are advised to apply the patches as soon as possible.


Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.