—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Google Chrome for Desktop

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Google Chrome versions prior to 146.0.7680.177 for Linux

Google Chrome versions prior to 146.0.7680.177/178 for Windows and Mac

Overview

Multiple vulnerabilities have been reported in Google Chrome which could allow a remote attacker to execute arbitrary code, bypass security restrictions, or disclose sensitive information on the targeted system.

Target Audience:

All end-user organizations and individuals using Google Chrome for Desktop.

Risk Assessment:

High risk of remote code execution, memory corruption, and security bypass.

Impact Assessment:

Successful exploitation could lead to system compromise, data theft, or service disruption.

Description

Multiple vulnerabilities exist in Google Chrome due to Use-after-free in CSS, Web MIDI, WebCodecs, Dawn, WebGL, PDF, WebView, Navigation and Compositing; Heap buffer overflow in GPU and ANGLE; Integer overflow in ANGLE and Codecs; Out-of-bounds read in WebCodecs; Object corruption in V8; Inappropriate implementation in ANGLE and WebGL;  Insufficient policy enforcement in WebUSB. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, bypass security restrictions, or disclose sensitive information on the targeted system.

Note: An exploit for CVE-2026-5281 (Use-after-free in Dawn) has been reported in the wild.

Solution

Apply appropriate updates as mentioned as mentioned by the Vendor:

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html

Vendor Information

Google Chrome

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html

References

 

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html

CVE Name

CVE-2026-5272

CVE-2026-5273

CVE-2026-5274

CVE-2026-5275

CVE-2026-5276

CVE-2026-5277

CVE-2026-5278

CVE-2026-5279

CVE-2026-5280

CVE-2026-5281

CVE-2026-5282

CVE-2026-5283

CVE-2026-5284

CVE-2026-5285

CVE-2026-5286

CVE-2026-5287

CVE-2026-5288

CVE-2026-5289

CVE-2026-5290

CVE-2026-5291

CVE-2026-5292

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmnOiG4ACgkQ3jCgcSdc

ys8IDA/8D17Ub1HHyw/O5LDMXscmo/Q/q4A93Y69mcGewsr8OYThaeUoXhOyVlzm

h0PifFPm3k156VeUuBpdb2XjmMNj50y6wOmV/h2yDs/Z7l5c0gsYH3cVhSFPCIsS

Re22TtTWRuA1TdC6cE3Hm1R386oTir7Pv/7AvHYrQ8upud2324tjGVU1U415RwmU

vat+qKKPHGcMR3myiDkXFaM7y76bLbg+q7f/N/hzXDNoi1542GH337w2aDPx6AVO

ZRI/laXLND/HuINefhFijx2SY/TYZBhyflKBxixW43ZNLGOtMBKQmFtLuEwRzJMb

LiWp8KgJSdLjXH7xCnUlUYS4qpIMQQtt+Qixt7jcWuRCegTMQbrUkRr2jbnhHUmM

dtKbN8DRF4kYs6t7Yxo7IAaIZrLOP3CCd9ptTx5luzw+HVDV+BR8FbASNQY7J9Uj

p/qqb/MSxl+/WBHjDki2X8nwma8wvogsQLvul7cFVe1MhHaCxIJwUxvl+IpTA0ab

ltrn5dBs3P3HhdeTXmqavO7wdpt9+zPg9P6TPEFCHLQHHBQmQi6s3Y67pA9cVvpj

jiCQ81GhdLyZWFZdfdSeHNCh3jpUP5udWXjKVOlLmn0FRQ+Bs3d1LLh7yJJ366pq

PD5WK47VUl1wBp4Z6jaHIzkRJCvMuiUUQjIRdWCadgvpibD/RLk=

=TU21

—–END PGP SIGNATURE—–