Tagged: Chrome 145
- February 26, 2026 at 9:54 am #1727
Darrel Butil
Participant
Google Chrome has released version 145 to the stable channel, fixing 11 security vulnerabilities, including three high-severity issues.
Based on additional analysis, the most serious flaw (CVE-2026-2313) is a use-after-free bug in CSS that could potentially allow attackers to execute malicious code through specially crafted web content. Two other high-severity issues affect the browser’s Codecs component (heap buffer overflow) and WebGPU (implementation flaw). These types of memory-related bugs are commonly targeted in browser attacks.
Several medium-severity vulnerabilities were also patched, including issues in Frames, Animation, Picture-in-Picture, File Input, DevTools, and Ozone. While rated medium, some of these flaws could still pose risks in enterprise environments if combined with other weaknesses.
Google stated there is no evidence of active exploitation. However, attackers often analyze patches after release, so users and organizations are strongly advised to update immediately.
Reference: Security Week
Chrome 145 is now available for Windows, macOS, and Linux systems.
- February 27, 2026 at 1:44 pm #1757
Alpert Sebastian
Participant
Given the high-severity memory corruption flaws fixed in Google Chrome 145, what is the recommended update timeline for enterprise environments, and are there any additional mitigations advised for systems that cannot be patched immediately?
- February 27, 2026 at 2:18 pm #1758
Darrel Butil
Participant
Recommended update timeline
• Ideally within 24–72 hours of release for internet-facing systems and high-risk users (admins, finance, executives).
• No later than 7 days in most enterprise environments.
• If there is confirmed active exploitation, rollout should be immediate (same day or next day).
Since Google mentioned there’s no evidence of active exploitation yet, this would still fall under a rapid but controlled deployment, not a delayed one.
If systems can’t be patched immediately
If some machines cannot be updated right away (due to application compatibility testing or operational constraints), consider these temporary mitigations:
1. Restrict browser use
• Limit access to untrusted or external websites.
• Use web filtering or DNS filtering to block risky domains.
2. Disable or limit risky features
• Turn off or restrict WebGPU via policy if not required.
• Disable unnecessary extensions.
• Remove unused plugins.
3. Harden the environment
• Ensure Chrome sandboxing is enabled (default in most cases).
• Enforce least-privilege access (no local admin rights for standard users).
• Enable endpoint detection/EDR monitoring for suspicious browser behavior.
4. Network controls
• Use proxy filtering and intrusion detection systems to monitor exploit attempts.
• Segment critical systems from general user browsing networks.
5. Virtualization / Isolation
• Consider browser isolation solutions (remote browser isolation) for high-risk users until patching is complete.
Bottom line
For high-severity Chrome vulnerabilities like these, enterprises should plan to deploy updates within a few days, not weeks. If patching must be delayed, layered security controls should be applied to reduce exposure until the update is installed.
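
The update timeline from the reply above, turned into a fleet check. This is an added example, not part of the thread or of any vendor tooling; the inventory, tier labels, version strings and release timestamp are constructed placeholders, and only the major version 145 and the 72-hour, 7-day and next-day windows come from the posts.

```python
from datetime import datetime, timedelta, timezone

FIXED_MAJOR = 145  # from the thread: Chrome 145 carries the fixes

# Outer bounds of the windows given in the reply.
DEADLINES = {
    "high": timedelta(hours=72),    # internet-facing systems, admins, finance, executives
    "standard": timedelta(days=7),  # most enterprise environments
}
EXPLOITED_DEADLINE = timedelta(days=1)  # confirmed exploitation: same day or next day

# Constructed sample data; the release time is an assumed placeholder.
RELEASED = datetime(2026, 2, 26, 0, 0, tzinfo=timezone.utc)
SAMPLE_HOSTS = [
    {"name": "fin-01", "tier": "high", "version": "144.0.0.0"},
    {"name": "dev-07", "tier": "standard", "version": "144.0.0.0"},
    {"name": "web-02", "tier": "high", "version": "145.0.0.0"},
    {"name": "kiosk-03", "tier": "standard", "version": ""},
]


def chrome_major(version):
    """Return the major version of a dotted version string, or None if unparsable."""
    head = version.strip().split(".", 1)[0]
    return int(head) if head.isdecimal() else None


def assess(hosts, released, now, exploited=False):
    """Map each host name to 'patched', 'pending', 'overdue' or 'unknown'."""
    report = {}
    for host in hosts:
        major = chrome_major(host["version"])
        if major is None:
            report[host["name"]] = "unknown"  # no usable inventory data: follow up by hand
        elif major >= FIXED_MAJOR:
            report[host["name"]] = "patched"
        else:
            # An unrecognised tier gets the stricter window rather than the looser one.
            window = EXPLOITED_DEADLINE if exploited else DEADLINES.get(host["tier"], DEADLINES["high"])
            report[host["name"]] = "overdue" if now > released + window else "pending"
    return report


if __name__ == "__main__":
    for name, state in assess(SAMPLE_HOSTS, RELEASED, RELEASED + timedelta(days=4)).items():
        print(f"{name}: {state}")
```

Hosts reported as overdue or unknown are the ones to place behind the temporary mitigations listed in the reply until they are updated.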