- 75/2026
- Critical
Google has released an updated Chrome version 146.0.7680.177/178 for Windows/Mac and 146.0.7680.177 for Linux.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, cause memory corruption, read out-of-bounds memory, corrupt objects, cause integer overflows, or bypass security and policy restrictions across multiple browser components by persuading the victim to visit a maliciously crafted website.
Sample of the addressed vulnerabilities:
1. Google Chrome Use After Free in Compositing Vulnerability (CVE-2026-5290):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
2. Google Chrome Exposure of Sensitive Information Vulnerability (CVE-2026-5291):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
It should be highlighted that Google is aware that the vulnerability “CVE-2026- 5281” is now being exploited in the wild.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.