"The first vulnerability, CVE-2026-4673, is a heap buffer overflow issue in WebAudio that earned the reporting researcher a $7,000 bug bounty reward. Google has yet to determine the bounty amount for CVE-2026-4677, another bug reported by the same researcher."
"The latest Chrome update resolves an out-of-bounds read bug in CSS (CVE-2026-4674), a heap buffer overflow defect in WebGL (CVE-2026-4675), and three use-after-free issues in Dawn, WebGPU, and FedCM."
"Users are advised to update their browsers as soon as possible, as Chrome vulnerabilities are often targeted in attacks. Google recently rolled out an emergency update to resolve two Chrome zero-days discovered internally."
Google's Chrome 146 update addresses eight high-severity memory safety vulnerabilities, including CVE-2026-4673, a heap buffer overflow in WebAudio. The researcher who reported this flaw received a $7,000 bounty. Other vulnerabilities include an out-of-bounds read in CSS, a heap buffer overflow in WebGL, and multiple use-after-free issues. Users are urged to update their browsers promptly due to the potential targeting of these vulnerabilities in attacks. Recent zero-day vulnerabilities were also discovered, but details remain undisclosed.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]