Google has released an urgent security update for the Chrome browser, addressing 10 security vulnerabilities, three rated Critical and seven rated High.
The update (version 145.0.7632.159 / 160) was deployed and is actively rolling out across all platforms.
The critical flaws include integer overflows in the ANGLE and Skia graphics engines and an object lifecycle vulnerability in the PowerVR component. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or fully compromise an affected system, potentially without user interaction beyond visiting a malicious webpage.
All organizations are to apply this patch immediately. Enterprise security teams should validate that automated patch management systems are delivering Chrome version 145 across all corporate endpoints.
CVE References
CVE-2026-3536, CVE-2026-3537, CVE-2026-3538, CVE-2026-3539, CVE-2026-3540,
CVE-2026-3541, CVE-2026-3542, CVE-2026-3543, CVE-2026-3544, CVE-2026-3545
Affected Versions & Fixed Releases
Vulnerability Details
Risk Assessment
- Exploitation Vector: Remote attacker can target users via malicious web pages or crafted content without physical access.
- Exploit Complexity: Low to Medium. Integer overflows and object lifecycle flaws in graphics and rendering engines are well-understood attack classes.
- Impact: Full system compromise is possible. Arbitrary code execution in the context of the browser process, with potential for sandbox escape.
- Active Exploitation: Google has not confirmed in-the-wild exploitation at time of publishing; however, the critical rating warrants treating this as imminently exploitable.
- Detection Tools: These bugs were identified using AddressSanitizer and libFuzzer, sophisticated memory sanitization tooling that indicates deep memory management flaws.
Recommended Actions
End Users
- Open Chrome and click the three-dot menu (⋮) in the top-right corner.
- Navigate to Help → About Google Chrome.
- Chrome will automatically check for and download the latest version.
- Click Relaunch to apply the update. Verify the version shows 145.0.7632.159 or later.
Enterprise & Security Teams
- Validate that automated patch management platforms (SCCM, Intune, etc.) are actively pushing Chrome version 145 to all corporate endpoints.
- Prioritize patching for endpoints with access to sensitive systems, financial platforms, or customer data environments.
- Until patching is confirmed, consider restricting Chrome usage to internal resources only, or enforcing managed browser policies that block untrusted web content.
- Update endpoint detection rules to flag exploitation indicators associated with memory corruption in ANGLE, Skia, and PowerVR components.
- Review browser telemetry and SIEM alerts for anomalous Chrome process behaviour indicative of sandbox escape or code injection.
- Confirm patch rollout completion and document in your vulnerability management tracker with a deadline of 48 hours from advisory receipt.
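One way to validate rollout against the fixed build is to compare each endpoint's reported Chrome version numerically, component by component, since a plain string comparison ranks 145.0.7632.99 above 145.0.7632.159. The script below is an added example, not part of the original advisory; the inventory columns, host names and sample versions are constructed, and only the minimum build 145.0.7632.159 comes from this page.

```python
import csv
import io

FIXED_BUILD = (145, 0, 7632, 159)  # minimum fixed version named in the advisory

# Constructed sample inventory export (hypothetical hosts, columns and versions).
SAMPLE_INVENTORY = """hostname,chrome_version,sensitive
fin-ws-01,145.0.7632.99,yes
dev-ws-07,145.0.7632.160,no
hr-ws-03,144.0.7559.133,no
kiosk-02,,no
pay-ws-11,145.0.7632.159,yes
lab-ws-05,145.0.7632,yes
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a full Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_patched(text, minimum=FIXED_BUILD):
    """Numeric, component-wise comparison; unparseable versions count as unpatched."""
    version = parse_version(text)
    return version is not None and version >= minimum

def unpatched_hosts(inventory_csv):
    """List (hostname, version, sensitive) for hosts below the fixed build,
    sensitive endpoints first so they can be remediated first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not is_patched(row["chrome_version"]):
            sensitive = row["sensitive"].strip().lower() == "yes"
            findings.append((row["hostname"], row["chrome_version"] or "unknown", sensitive))
    # False sorts before True, so "not sensitive" puts sensitive hosts first.
    return sorted(findings, key=lambda f: (not f[2], f[0]))

if __name__ == "__main__":
    for host, version, sensitive in unpatched_hosts(SAMPLE_INVENTORY):
        tag = "PRIORITY" if sensitive else "standard"
        print(f"{tag:8} {host:10} {version}")
```

Hosts that report a missing or truncated version are listed as unpatched rather than skipped, so gaps in inventory data surface in the same report.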






