John
March 24, 2026 (Last updated: March 24, 2026)
Chrome 146.0.7680.164/165 patches address 8 high-severity issues, confirmed across official Chromium logs, NVD, Tenable, and security advisories.
These primarily involve memory corruption in rendering engines like WebAudio and WebGL, enabling potential sandbox escapes or code execution via malicious HTML. Additional sources note 26-29 fixes in the broader March 2026 rollout, but the focus here is on the specified 8 high-severity CVEs.
Comprehensive Vulnerability Table
CVE ID
Component
Vulnerability Type
Reporter
Report Date
Bounty
Attack Vector
Source
CVE-2026-4673
WebAudio
Heap buffer overflow
c6eed09fc8b174b0f3eebedcceb1e792
2026-02-18
$7000
Crafted HTML page (out-of-bounds write)
Original log, Tenable​
CVE-2026-4674
CSS
Out of bounds read
Syn4pse
2026-02-27
TBD
Crafted HTML page (memory access)
Original log, NVD​
CVE-2026-4675
WebGL
Heap buffer overflow
86ac1f1587b71893ed2ad792cd7dde32
2026-02-27
TBD
Crafted HTML page (out-of-bounds read)
Original log, Tenable​
CVE-2026-4676
Dawn
Use after free
86ac1f1587b71893ed2ad792cd7dde32
2026-03-01
TBD
Crafted HTML page (sandbox escape)
Original log, NVD​
CVE-2026-4677
WebAudio
Out of bounds read
c6eed09fc8b174b0f3eebedcceb1e792
2026-03-07
TBD
Crafted HTML page
Original log
CVE-2026-4678
WebGPU
Use after free
Google
2026-03-10
TBD
Crafted HTML page
Original log
CVE-2026-4679
Fonts
Integer overflow
GF, Un3xploitable Of DeadSec
2026-03-11
TBD
Crafted HTML page
Original log
CVE-2026-4680
FedCM
Use after free
Shaheen Fazim
2026-03-12
TBD
Crafted HTML page (arbitrary code in sandbox)
Original log, NVD/Tenable
This table aggregates the original announcement with enriched details, such as attack vectors from NVD and Tenable, e.g., all exploitable via malicious sites without user interaction. Update to 146.0.7680.164+ immediately, as details are restricted to curb exploits.
I'm cybersecurity researcher and threat intelligence writer focused on malware campaigns, data breaches, OSINT, and emerging attack techniques. Passionate about breaking down complex security threats into clear, actionable insights.
