Google Issues Crucial Security Update for Chrome Users
As of March 29, Google has announced a significant security update for approximately 3.5 billion Chrome web browser users. This update addresses eight high-risk vulnerabilities, which are not classified as zero-day threats, indicating they have not been exploited by cybercriminals.
Chrome users will receive automatic updates, but the rollout may take several days or weeks. To ensure quick protection, users are encouraged to manually initiate the update process. Here’s how to protect yourself.
Latest Security Vulnerabilities
Desktop and laptop users are receiving the update, bringing Chrome to versions 146.0.7680.164/165 for Windows and Mac, and 146.0.7680.164 for Linux systems. Android users are being updated to version 146.0.76380.164.
The eight vulnerabilities affect various features, including WebAudio, WebGL, WebGPU, and the Chrome Fonts component:
- CVE-2026-4673: Heap buffer overflow in WebAudio
- CVE-2026-4674: Out-of-bounds read in CSS
- CVE-2026-4675: Heap buffer overflow in WebGL
- CVE-2026-4676: Use after free in Dawn (related to WebGPU)
- CVE-2026-4677: Out-of-bounds read in WebAudio
- CVE-2026-4678: Use-after-free in WebGPU
- CVE-2026-4679: Integer overflow in Fonts
- CVE-2026-4680: Use after free in FedCM (a privacy-focused component)
Reasons to Update Chrome Immediately
While these vulnerabilities are not the most alarming, they still require prompt action. Regular updates are essential for maintaining security. To ensure you are on the latest version, navigate to Help > About Google Chrome in the three-dot menu at the top right of your browser. Relaunching the browser is necessary to activate the update.
ShadowPrompt: A Warning for Extensions
Security research uncovered a risk related to the ShadowPrompt vulnerability, primarily affecting a specific Chrome extension. This flaw could have allowed malicious websites to misuse the extension without user consent. Fortunately, the vulnerability has been addressed.
Users are advised to verify their version of the extension to ensure it is updated to avoid potential risks.
Staying Vigilant Against Rogue Extensions
While some risks have been managed, users should remain aware of scenarios where legitimate extensions can become security threats. If a valid extension is hacked or sold to a malicious entity, it can pose risks. Google has systems in place to disable malicious extensions, and it’s beneficial to enable Google Safe Browsing settings to protect against malware and online threats.
Consider using an extension that monitors the ownership of other extensions you have installed, alerting you to any changes that could pose risks.
Key Takeaways
- Patch Up: Ensure Chrome is up to date to cover exploits.
- Check Extensions: Regularly verify the legitimacy of installed extensions.
- Be Proactive: Use built-in protections and consider additional tools to monitor extension changes.
- Stay Informed: Follow news about security vulnerabilities to stay ahead of potential threats.
- Engage in Safe Browsing: Adjust Safe Browsing settings for enhanced protection.
Staying informed and vigilant can significantly reduce your risk while browsing online.