Chrome 145 Fixes 11 Security Flaws
Google Releases Chrome 145 with Security Patches
Google has released Chrome 145, the latest version of its web browser, which addresses 11 vulnerabilities, including three high-severity issues.
High-Severity Vulnerabilities
The most critical of these is a use-after-free bug in CSS, tracked as CVE-2026-2313, which earned the reporting researchers a bug bounty reward of $8,000.
Two other high-severity vulnerabilities, CVE-2026-2314 and CVE-2026-2315, were discovered and reported by Google’s internal security team. The first is a heap buffer overflow in Codecs, while the second is an inappropriate implementation in WebGPU.
Medium-Severity Vulnerabilities
Among the medium-severity vulnerabilities patched in Chrome 145 is CVE-2026-2316, an insufficient policy enforcement issue in Frames, for which the reporting researcher received a $5,000 bug bounty reward.
Another medium-severity issue, CVE-2026-2317, is an inappropriate implementation in Animation, which earned a $2,000 reward.
The browser update also resolves two medium-severity inappropriate implementation flaws in PictureInPicture and File input, for which Google paid $1,000 and an undisclosed amount, respectively.
Additionally, two low-severity inappropriate implementation bugs impacting File Input and Overall were addressed.
The remaining two medium-severity issues include a race condition in DevTools and a use-after-free defect in Ozone.
Bug Bounty Rewards
In total, Google paid out over $18,000 in bug bounty rewards to the reporting researchers.
Availability and Security Advisory
Chrome 145 is now available as version 145.0.7632.45 for Linux and as versions 145.0.7632.45/46 for Windows and macOS.
Google has not reported any instances of the addressed vulnerabilities being exploited in the wild.
Users are advised to apply the patches as soon as possible to ensure the security of their systems.
Patched Vulnerabilities
- CVE-2026-2313: High-severity use-after-free issue in CSS
- CVE-2026-2314: High-severity heap buffer overflow in Codecs
- CVE-2026-2315: High-severity inappropriate implementation in WebGPU
- CVE-2026-2316: Medium-severity insufficient policy enforcement issue in Frames
- CVE-2026-2317: Medium-severity inappropriate implementation in Animation
- Medium-severity inappropriate implementation flaws in PictureInPicture and File input
- Medium-severity race condition in DevTools
- Medium-severity use-after-free defect in Ozone
- Low-severity inappropriate implementation bugs impacting File Input and Overall
“Google paid out over $18,000 in bug bounty rewards to the reporting researchers.”
About Author
English