/pcq/media/agency_attachments/2025/02/06/2025-02-06t100846387z-pcquest-new-logo-png.png){kind=logo}
/pcq/media/member_avatars/2024-08-28t070132803z-img_7046.jpg )
Follow Us
/pcq/media/media_files/2026/02/24/google-chrome-emergency-update-patches-three-high-severity-flaws-2026-02-24-15-29-30.png)
Google has released an emergency update for the Chrome browser to patch three vulnerabilities with critical severity that affect everyone using any operating system.
The updates for Chrome are now available for 145.0.7632.116 (or .117) for Windows and macOS and 144.0.7559.116 for Linux. Because these updates will be distributed over time, you may not receive yours right away, but you can check for them on your own. You are strongly urged to do so by security experts because they are classified as having critical severity ratings.
All of the vulnerabilities were rated critically and present excellent opportunities to exploit their weaknesses in live environments.
Memory Safety Bugs Steal the Show This Release
Two of those three vulnerabilities have their roots in memory access issues that go way beyond what the software is supposed to be doing. These are the kinds of security holes that allow attackers to jump into the system, known as out-of-bounds memory access problems. Browsers are especially vulnerable to these types of weaknesses; they're commonly used as a springboard for more nasty attacks.
CVE-2026-3061: Media component memory read issue
The first of these, tracked as CVE-2026-3061, is a bug in Chrome's Media component. It was reported by Luke Francis on February 9th, 2026, and involves some pretty nasty memory reading going on. Here's the deal with media files: browsers often just automatically process these behind the scenes. If a rogue website managed to host a dodgy audio file, it could probably exploit this without so much as a click from the user.
CVE-2026-3062: WebGPU Tint memory corruption risk
The next one, CVE-2026-3062, is another nasty bug inside WebGPU Chrome's shader compiler, and it's part of the Tint component. It was reported by researcher Cinzinga on the 11th of February, 2026, and it's got out-of-bounds read and write conditions going on.
Out-of-bounds write problems are particularly bad news. They can mess around with memory structures, which in some cases allows the attackers to execute their own code within the browser's rendering process. And because more and more people are using WebGPU for graphics and compute workloads, this is a bad deal all round.
How DevTools Was Done Wrong
Number three is another one, this time in Chrome DevTools, reported on the 17th by M. Fauzan Wijaya (yes, that's Gh05t666nero for some people). It's not exactly a memory corruption bug, but what it is is that people who work on their own web projects are handed tools that just don't do what they're supposed to be doing. And that means that security holes can open up—ones that could even expose information about websites that are normally supposed to be off-limits.
Restricted disclosure and recommended action
Google stated that detailed technical information about these bugs will remain limited until most users have updated. This controlled disclosure approach is intended to reduce the likelihood of attackers reverse-engineering patches to develop exploits.
Users can verify their Chrome version and trigger the update by visiting:
Enterprise IT teams are encouraged to deploy the update through centralized management systems promptly. Given that browsers act as gateways to email, cloud platforms, financial services, and enterprise applications, keeping them updated remains one of the most effective basic security practices.
More For You
AI Security and Guardrails Take Focus at AI Safety Connect
Data privacy in 2026 is not about hacks it is about the comeback
The browser extensions you trusted may be spying on you
Using Chrome? Google says update now to avoid new security risks