Chrome 145 patches critical memory flaws and DevTools bug in latest st

Chrome 145 patches critical memory flaws and DevTools bug in latest stable update

Google has rolled out Chrome 145.0.7632.116/117 for desktop and 145.0.7632.120 for Android, addressing three high-severity vulnerabilities—including memory corruption risks in media and WebGPU, plus an implementation flaw in DevTools. No active exploitation has been reported, but admins should prior...

Google’s latest Chrome update—versions 145.0.7632.116 and 145.0.7632.117 for Windows, macOS, and Linux, alongside 145.0.7632.120 for Android—closes three newly disclosed high-risk vulnerabilities, two of which involve memory corruption that could enable arbitrary code execution. A third issue stems from an improper implementation in DevTools. While none are currently being exploited, the fixes are critical for environments where Chrome handles untrusted content or runs with elevated privileges.

The most severe flaws target the browser’s media pipeline and WebGPU compiler. The media component vulnerability (CVE-2026-3061) allows out-of-bounds memory access during playback, potentially leading to crashes or remote code execution if an attacker crafts malicious input. A separate flaw in the Tint WebGPU compiler (CVE-2026-3062) similarly enables read/write operations beyond allocated memory buffers, with comparable risks. Both were reported by external researchers in February and classified as high-severity.

The third issue (CVE-2026-3063) is described as an ‘inappropriate implementation’ in DevTools, though specifics remain limited. Google’s security team has confirmed all three were addressed in the latest stable channel, with no evidence of in-the-wild attacks.

What changes for users?

End users will see minimal disruption, as Chrome updates automatically by default. Those managing enterprise deployments should verify the update is applied across all devices, particularly in high-risk scenarios like shared kiosks or public terminals where malicious payloads could be injected. Manual checks can be triggered via Help > About Google Chrome to confirm version alignment.

Administrative and deployment considerations

Patch priority: Deploy the update immediately in environments where Chrome processes untrusted media (e.g., video players, WebGL-based applications) or runs with elevated permissions.
Compatibility: The update maintains compatibility with existing extensions and enterprise policies, though admins should test WebGPU-dependent applications for rendering stability post-update.
Rollout strategy: For large fleets, staged deployment is recommended to monitor for edge cases, particularly in DevTools-heavy workflows.
Next release: Chrome 146 is scheduled for early March, with additional security fixes expected. Admins should plan for overlapping patch cycles.

Key takeaways

No active exploitation reported, but fixes address critical memory corruption risks.
WebGPU and media components are primary focus areas for the update.
DevTools flaw requires no user interaction to exploit, though impact is limited to debugging contexts.
Automatic updates apply by default; manual verification ensures consistency in managed environments.