Time to hit that ‘Relaunch’ button.
Google has officially rolled out a significant security update for its Chrome browser, targeting eight high-risk vulnerabilities that affect its massive global user base of approximately 3.5 billion people. While the tech giant confirms these aren’t zero-day threats, the “High” severity rating means you shouldn’t leave your browser’s safety to chance.
The update addresses a variety of technical leaks and memory issues within the browser’s core components. These vulnerabilities affect parts of the software we use every day without thinking, including how Chrome handles audio, 3D graphics, and even basic fonts.
According to the official Google Chrome Release blog, the eight patched vulnerabilities include:
- CVE-2026-4673: Heap buffer overflow in WebAudio
- CVE-2026-4674: Out-of-bounds read in CSS
- CVE-2026-4675: Heap buffer overflow in WebGL
- CVE-2026-4676: Use after free in Dawn (part of the WebGPU implementation)
- CVE-2026-4677: Out-of-bounds read in WebAudio
- CVE-2026-4678: Use after free in WebGPU
- CVE-2026-4679: Integer overflow in Fonts
- CVE-2026-4680: Use after free in FedCM
Google is intentionally keeping the specific technical blueprints of these bugs under wraps for now. This is a standard safety play to prevent bad actors from exploiting vulnerabilities before everyone has had a chance to patch them.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Srinivas Sista noted in the Google Chrome Release report.
How to get the update right now
The new versions are rolling out as 146.0.7680.164/165 for Windows and Mac, 146.0.7680.164 for Linux, and 146.0.76380.164 for Android users.
While Chrome usually updates itself in the background, this silent process can sometimes take days or even weeks to reach everyone. If you want to jump to the front of the line, you can manually trigger the update by following these steps:
- Click the three dots in the top-right corner of your browser.
- Hover over Help and select About Google Chrome.
- Chrome will automatically check for the update and download it.
- Important: You must click Relaunch to finish the process. The security fixes aren’t active until the browser restarts.
In cybersecurity, a “High” severity rating is a clear signal that the vulnerability could allow an attacker to execute code or bypass security layers if they manage to trick a user into visiting a malicious site. By patching these holes now, Google is essentially locking the windows before any intruders show up.
For a closer look at how attackers are slipping past defenses, check out this report on a Microsoft 365 phishing campaign that bypasses security codes.
