Google has released an important security update for its Chrome browser that fixes 29 security holes that could let hackers run harmful code and take control of users' computers. The update moves Chrome version 146 to the stable channel for Windows, Mac, and Linux. It came out on March 10, 2026.

It is very important that users update their browsers right away to version 146.0.7680.71 for Linux and version 146.0.7680.71/72 for Windows and Mac. The update fixes a number of memory corruption vulnerabilities that attackers often use to take control of systems by running code from a distance (RCE). WebML has a serious security hole. The most serious problem fixed in this release is CVE-2026-3913, a critical heap buffer overflow vulnerability in the WebML part of Chrome.

The update, which came out on March 10, 2026, fixes 29 security holes. Security researcher Tobias Wienand found this bug and got a $33,000 reward through Google's vulnerability reward program. When a program writes more data to memory than it has been given, it can overwrite nearby memory regions, which is called a heap buffer overflow vulnerability.

Attackers can use these kinds of bugs to make programs crash or run any code they want. If someone successfully exploits Chrome, they could take over a victim's system completely by getting them to visit a bad website. Google fixed 11 high-severity vulnerabilities in addition to the critical one.

A lot of these have "Use After Free" (UAF) errors and bugs that let you access memory that isn't supposed to be there. These bugs affect many parts of the browser, including Web Speech, Agents, Extensions, TextEncoding, and MediaStream. UAF vulnerabilities are very dangerous because they happen when a program keeps using memory after it has been freed.

Attackers can change these memory references to add harmful code or take over the browser process. The Chrome team also fixed 17 medium- and low-severity security holes in a number of parts, such as the V8 JavaScript engine, the Chrome PDF viewer, the developer tools, and the navigation systems. Some of these problems are not enough enforcement of policies, leaks of information through side channels, wrong implementations of security user interfaces, and memory access errors.

CVE ID for High-Severity Chrome 146 Vulnerabilities: CVE-2026-3913 Important Heap buffer overflow in WebML CVE-2026-3914 WebML CVE-2026-3915 has a high integer overflow, and WebML CVE-2026-3916 has a high heap buffer overflow. Web Speech CVE-2026-3917 has a high out-of-bounds read. High Use-after-free in Agents CVE-2026-3918 WebMCP CVE-2026-3919 has a high use-after-free issue.

CVE-2026-3920: High Use-after-free in Extensions CVE-2026-3921: High Out-of-bounds memory access in WebML TextEncoding CVE-2026-3922 has a high use-after-free issue. High Use-after-free in MediaStream CVE-2026-3923 CVE-2026-3924: High Use-after-free in WebMIDI High Use-After-Free in WindowDialog To lower the risk of exploitation, users should apply the update right away. It's easy to update Chrome and only takes a few steps: Click the three dots in the top right corner of Google Chrome to open it.

Go to "Help" and then click on "About Google Chrome." Let Chrome download and install version 146.0.7680.71 or 146.0.7680.72 on its own. To use the security fixes, you need to restart your browser.

Make sure that automatic updates are still turned on for future security patches. Security experts say that browsers are a top target for hackers because they are the main way to get to the internet. One of the best ways to keep systems safe from exploitation and new web-based threats is to regularly install updates.