[CIVN-2026-0170] Multiple Vulnerabilities in Google Chrome for Desktop
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Google Chrome for Desktop
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Google Chrome versions prior to 146.0.7680.177 for Linux
Google Chrome versions prior to 146.0.7680.177/178 for Windows and Mac
Overview
Multiple vulnerabilities have been reported in Google Chrome which could allow a remote attacker to execute arbitrary code, bypass security restrictions, or disclose sensitive information on the targeted system.
Target Audience:
All end-user organizations and individuals using Google Chrome for Desktop.
Risk Assessment:
High risk of remote code execution, memory corruption, and security bypass.
Impact Assessment:
Successful exploitation could lead to system compromise, data theft, or service disruption.
Description
Multiple vulnerabilities exist in Google Chrome due to Use-after-free in CSS, Web MIDI, WebCodecs, Dawn, WebGL, PDF, WebView, Navigation and Compositing; Heap buffer overflow in GPU and ANGLE; Integer overflow in ANGLE and Codecs; Out-of-bounds read in WebCodecs; Object corruption in V8; Inappropriate implementation in ANGLE and WebGL; Insufficient policy enforcement in WebUSB. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, bypass security restrictions, or disclose sensitive information on the targeted system.
Note: An exploit for CVE-2026-5281 (Use-after-free in Dawn) has been reported in the wild.
Solution
Apply appropriate updates as mentioned as mentioned by the Vendor:
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
Vendor Information
Google Chrome
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
References
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
CVE Name
CVE-2026-5272
CVE-2026-5273
CVE-2026-5274
CVE-2026-5275
CVE-2026-5276
CVE-2026-5277
CVE-2026-5278
CVE-2026-5279
CVE-2026-5280
CVE-2026-5281
CVE-2026-5282
CVE-2026-5283
CVE-2026-5284
CVE-2026-5285
CVE-2026-5286
CVE-2026-5287
CVE-2026-5288
CVE-2026-5289
CVE-2026-5290
CVE-2026-5291
CVE-2026-5292
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmnOiG4ACgkQ3jCgcSdc
ys8IDA/8D17Ub1HHyw/O5LDMXscmo/Q/q4A93Y69mcGewsr8OYThaeUoXhOyVlzm
h0PifFPm3k156VeUuBpdb2XjmMNj50y6wOmV/h2yDs/Z7l5c0gsYH3cVhSFPCIsS
Re22TtTWRuA1TdC6cE3Hm1R386oTir7Pv/7AvHYrQ8upud2324tjGVU1U415RwmU
vat+qKKPHGcMR3myiDkXFaM7y76bLbg+q7f/N/hzXDNoi1542GH337w2aDPx6AVO
ZRI/laXLND/HuINefhFijx2SY/TYZBhyflKBxixW43ZNLGOtMBKQmFtLuEwRzJMb
LiWp8KgJSdLjXH7xCnUlUYS4qpIMQQtt+Qixt7jcWuRCegTMQbrUkRr2jbnhHUmM
dtKbN8DRF4kYs6t7Yxo7IAaIZrLOP3CCd9ptTx5luzw+HVDV+BR8FbASNQY7J9Uj
p/qqb/MSxl+/WBHjDki2X8nwma8wvogsQLvul7cFVe1MhHaCxIJwUxvl+IpTA0ab
ltrn5dBs3P3HhdeTXmqavO7wdpt9+zPg9P6TPEFCHLQHHBQmQi6s3Y67pA9cVvpj
jiCQ81GhdLyZWFZdfdSeHNCh3jpUP5udWXjKVOlLmn0FRQ+Bs3d1LLh7yJJ366pq
PD5WK47VUl1wBp4Z6jaHIzkRJCvMuiUUQjIRdWCadgvpibD/RLk=
=TU21
—–END PGP SIGNATURE—–
