Patch for 29 Chrome security holes Google has officially released Chrome version 146 to the stable channel This article explores patch 29 chrome. . This version includes important security updates for users of Windows, Mac, and Linux.
Over the next few days, Chrome 146.0.7680.71 for Linux and 146.0.7680.71/72 for Windows and Mac will be released. It fixes 29 security holes. If these flaws aren't fixed, they could let attackers run any code they want, break the system's security, or cause denial-of-service attacks. The most serious security hole fixed in this release is CVE-2026-3913, a Critical-severity heap buffer overflow in the WebML component.
Tobias Wienand, a security researcher, found this memory corruption problem and got a $33,000 bug bounty for it. When a program writes more data to a memory location than the size that was set aside for it, it causes a heap buffer overflow.
This flaw can be used by threat actors to overwrite nearby memory structures, which could lead to remote code execution (RCE) when a user visits a maliciously crafted web page. Vulnerabilities of High Severity Fixed Google fixed 11 High-severity vulnerabilities in addition to the critical one. In this update cycle, the WebML API was a common target, with two more High-severity bugs (CVE-2026-3914 and CVE-2026-3915) getting $43,000 each in bounty payments.
Some other important High-severity patches fix out-of-bounds read and use-after-free (UAF) bugs in different parts of the browser. UAF flaws happen when a program tries to access memory that has been freed. Attackers often use this method to get around browser security sandboxes. Some important fixes for high-severity problems are: CVE-2026-3916: A flaw in the Web Speech component that lets you read data outside of its normal range.
CVE-2026-3917 and CVE-2026-3918: Use-after-free bugs in the Agents and WebMCP parts. CVE-2026-3919: A bug in Chrome Extensions that happens when you use something after you've freed it. CVE-2026-3921 to CVE-2026-3924: There are several use-after-free bugs that affect TextEncoding, MediaStream, WebMIDI, and WindowDialog.
The update also fixes a number of problems that are Medium and Low severity. These range from incorrect security UI implementations in components like PictureInPicture to insufficient policy enforcement in PDF and DevTools. Google gave independent researchers more than $150,000 in bug bounties for finding these problems before they could be used to attack people. To protect users, Google restricts access to specific bug details and exploit links until a majority of the user base has updated their browsers.
This prevents threat actors from reverse-engineering the patches to target vulnerable individuals.
As hackers focus more and more on web browsers, people and businesses need to make sure they get security updates as soon as possible to protect themselves from more advanced threats. Open Google Chrome, go to the three-dot menu, choose "Help," and then click on "About Google Chrome" to make sure your browser is safe. The update for version 146 will be checked for and installed by the browser on its own.
To use the newest protections, you need to quickly restart your browser. This strengthens your defense-in-depth strategy against new vulnerabilities., LinkedIn, and X for daily updates on cybersecurity. Get in touch with us to have your stories featured.
