Threat Advisory

Multiple Chrome Vulnerabilities Allow Memory Safety Issues

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A stable channel update introduces Chrome 146 for Windows, Mac, and Linux, addressing multiple security weaknesses in the browser. The release resolves 29 vulnerabilities, including a critical memory safety flaw in the WebML component and several high-severity issues linked to memory management problems such as heap buffer overflow, integer overflow, out-of-bounds read, and use-after-free conditions. These weaknesses could allow unintended memory access or instability in browser components including Web Speech, Extensions, MediaStream, WebMIDI, and WindowDialog. The update also fixes additional medium- and low-severity issues involving incorrect security interface behavior and insufficient policy enforcement across browser features such as Picture-in-Picture, WebApp installation mechanisms, PDF viewer policies, and Clipboard handling. Access to technical details remains restricted to prevent misuse while users gradually receive the update.

  • CVE-2026-3913: This vulnerability has a CVSS score of 9.8 and occurs due to a heap buffer overflow in the WebML component, which could allow memory corruption.
  • CVE-2026-3914: This vulnerability has a CVSS score of 8.8 and is caused by an integer overflow in the WebML component, which may lead to unexpected memory operations.
  • CVE-2026-3915: This vulnerability has a CVSS score of 8.8 and involves a heap buffer overflow in WebML, which may result in memory safety violations.
  • CVE-2026-3916: This vulnerability has a CVSS score of 8.1 and occurs due to an out-of-bounds read in the Web Speech component, allowing unintended memory access.
  • CVE-2026-3917: This vulnerability has a CVSS score of 8.8 and is caused by a use-after-free condition in Extensions, which may allow memory corruption.
  • CVE-2026-3918: This vulnerability has a CVSS score of 8.8 and involves a use-after-free issue in MediaStream, which may lead to memory misuse.
  • CVE-2026-3919: This vulnerability has a CVSS score of 8.8 and occurs due to a use-after-free flaw affecting WebMIDI, which could allow unintended memory access.
  • CVE-2026-3920: This vulnerability has a CVSS score of 8.8 and is caused by a use-after-free condition impacting WindowDialog, which may lead to memory corruption.
  • CVE-2026-3921: This vulnerability has a CVSS score of 8.8 and involves a use-after-free issue affecting browser components, leading to potential memory misuse.
  • CVE-2026-3922: This vulnerability has a CVSS score of 8.8 and occurs due to a use-after-free flaw impacting browser processes, which may cause memory corruption.
  • CVE-2026-3923: This vulnerability has a CVSS score of 8.8 and is related to a use-after-free issue that may result in unsafe memory handling.
  • CVE-2026-3924: This vulnerability has a CVSS score of 8.8 and involves a use-after-free condition affecting browser functionality, which could cause memory safety issues.

The update resolves multiple security weaknesses, including a critical memory safety flaw and several high-severity issues affecting key browser components. Applying the latest browser version helps ensure protection against the identified vulnerabilities and strengthens overall browser security.

RECOMMENDATION:

We strongly recommend updating Chrome to the version listed at the link below: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/chrome-146-arrives-with-29-security-fixes-critical-webml-flaw-discovered/
