SecurityWeek

Chrome 146 Update Patches High-Severity Vulnerabilities

The software refresh fixes eight memory safety bugs affecting seven Chrome components.

Google on Monday announced a fresh Chrome 146 update that resolves eight high-severity memory safety vulnerabilities.

First on the list is CVE-2026-4673, a heap buffer overflow issue in WebAudio that earned the reporting researcher a $7,000 bug bounty reward.

The same researcher discovered and reported CVE-2026-4677, an out-of-bounds read bug in WebAudio, but Google says it has yet to determine the bounty amount to be awarded for it.

In fact, the internet giant has disclosed only the amount paid for the first WebAudio flaw, but not the amounts to be handed out for the remaining vulnerabilities.

The latest Chrome update also resolves an out-of-bounds read bug in CSS (CVE-2026-4674), a heap buffer overflow defect in WebGL (CVE-2026-4675), three use-after-free issues in Dawn, WebGPU, and FedCM (CVE-2026-4676, CVE-2026-4678, and CVE-2026-4680), and an integer overflow vulnerability in Fonts (CVE-2026-4679).

Fixes for all security defects were included in Chrome versions 146.0.7680.164/165 for Windows and macOS, and version 146.0.7680.164 for Linux.

Users are advised to update their browsers as soon as possible, as Chrome vulnerabilities are often targeted in attacks.

Roughly two weeks ago, Google rolled out an emergency update to resolve two Chrome zero-days that were discovered internally only days after Chrome 146 was promoted to the stable channel.

The internet giant did not share information on the two zero-days, tracked as CVE-2026-3909 and CVE-2026-3910, but vulnerabilities discovered by Google are often targeted by commercial surveillance vendors.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
