
"Google on Tuesday announced the release of Chrome 145 to the stable channel with fixes for 11 vulnerabilities, including three high-severity bugs. First in line is CVE-2026-2313, a high-severity use-after-free issue in CSS that earned the reporting researchers an $8,000 bug bounty reward. The two other high-severity defects, tracked as CVE-2026-2314 and CVE-2026-2315, were found and reported by Google and are described as a heap buffer overflow in Codecs and an inappropriate implementation in WebGPU, respectively."
"Based on the paid bug bounty, the most serious of the medium-severity vulnerabilities patched in Chrome 145 is CVE-2026-2316, an insufficient policy enforcement issue in Frames that earned the reporting researcher $5,000. Next in line is CVE-2026-2317, an inappropriate implementation in Animation for which Google paid a $2,000 reward. The fresh browser update also resolves two medium-severity inappropriate implementation flaws in PictureInPicture and File input. Google says it paid $1,000 for the first, but has yet to disclose the amount for the second."
Chrome 145 fixes 11 vulnerabilities, including three high-severity bugs. CVE-2026-2313 is a high-severity use-after-free in CSS that earned an $8,000 bounty. CVE-2026-2314 is a heap buffer overflow in Codecs and CVE-2026-2315 is an inappropriate implementation in WebGPU. Medium-severity fixes include CVE-2026-2316 (insufficient policy enforcement in Frames, $5,000), CVE-2026-2317 (inappropriate implementation in Animation, $2,000), and two inappropriate implementation flaws in PictureInPicture and File input (Google paid $1,000 for PictureInPicture). Additional medium-severity issues include a DevTools race condition and an Ozone use-after-free. Two low-severity bugs, in File input and Downloads, were also addressed. Chrome versions 145.0.7632.45/46 are rolling out for Linux, Windows, and macOS. No in-the-wild exploitation has been reported; users should apply the patches promptly.
Read at SecurityWeek