Table of Contents
Is Your Google Chrome Browser Still Safe to Use After the Latest 2026 Security Vulnerabilities?
What Just Changed in Chrome
Google pushed a new Chrome update on February 23, 2026, bringing the browser to version 145.0.7632.116/117 on Windows and macOS. Linux users receive version 144.0.7559.116, while Android users are updated to version 145.0.7632.120. This update closes three high-severity security flaws discovered within a tight two-week window — a pace that signals these vulnerabilities warranted urgent attention.
The Three Patched Vulnerabilities
All three flaws are rated High severity, a classification Google reserves for issues with significant real-world exploitation potential:
- CVE-2026-3061 — An out-of-bounds read in the Media component, reported by Luke Francis on February 9, 2026
- CVE-2026-3062 — An out-of-bounds read and write in Tint, reported by cinzinga on February 11, 2026; notably this flaw specifically affects the macOS version of Chrome
- CVE-2026-3063 — An inappropriate implementation in DevTools, reported by M. Fauzan Wijaya (Gh05t666nero) on February 17, 2026
Out-of-bounds memory vulnerabilities — like CVE-2026-3061 and CVE-2026-3062 — are especially worth taking seriously. They frequently serve as building blocks for remote code execution or sandbox escape chains when paired with additional exploits.
Beyond these three, Google also folded in fixes from internal audits, fuzzing programs, and other ongoing security initiatives.
CVE-2026-2441: The Actively Exploited Flaw
Before this latest patch, Google had already issued an emergency update on February 13, 2026 to address a separate, actively exploited vulnerability. That flaw, CVE-2026-2441, was a use-after-free bug in Chrome’s CSS processing engine.
Here’s why this matters: a use-after-free error occurs when a program continues referencing memory that has already been freed. An attacker who exploits this can run arbitrary code inside the browser’s sandbox simply by luring a user to a crafted HTML page — no further interaction needed. The vulnerability carries a CVSS 3.1 score of 8.8, placing it firmly in the “High” risk tier. Security firm Orca Security confirmed that active exploitation was observed in the wild. This flaw was fixed starting with Chrome version 145.0.7632.75.
Extended Stable Channel
For enterprise and organizational users on the Extended Stable Channel, Google will release version 144.0.7559.225 for Windows and Mac in the coming days or weeks. If your organization delays updates for compatibility testing, this is the version to watch for.
What You Should Do Right Now
Both Google Chrome and Microsoft Edge (which shares the Chromium engine) should update automatically if affected. Still, auto-updates don’t always apply immediately, so:
- Open Chrome and go to the menu → Help → About Google Chrome to trigger a manual check
- Confirm your version reads 145.0.7632.116 or higher on Windows/Mac
- If you’re on Linux, verify you’re running 144.0.7559.116 or later
- Android users should confirm version 145.0.7632.120 via the Play Store
- Organizations should also update endpoint detection tools to recognize browser exploit patterns tied to these CVEs
Given that CVE-2026-2441 is already confirmed as exploited in the wild, treating this update as a priority — not a convenience — is the prudent call.