CHROME-2026-03-10

The Chrome team is delighted to announce the promotion of Chrome 146 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.Chrome 146.0.7680.71 (Linux) 146.0.7680.71/72 Windows/Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 146.Security Fixes and RewardsNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.This update includes 29 security fixes. Please see the Chrome Security Page for more information. Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10 High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04 High CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-12 High CVE-2026-3916: Out of bounds read in Web Speech. Reported by Grischa Hauser on 2026-02-09 High CVE-2026-3917: Use after free in Agents. Reported by Syn4pse on 2026-02-11 High CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse on 2026-02-12 High CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2025-09-10 High CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google on 2026-02-09 High CVE-2026-3921: Use after free in TextEncoding. Reported by Pranamya Keshkamat & Cantina.xyz on 2026-02-17 High CVE-2026-3922: Use after free in MediaStream. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18 High CVE-2026-3923: Use after free in WebMIDI. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-20 High CVE-2026-3924: Use after free in WindowDialog. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...