Full Report
Google Chrome security advisory (AV26-145)
Analysis Summary
# Vulnerability: Google Chrome Multiple Security Flaws (February 2026 Update)
## CVE Details
- **CVE ID:** CVE-2026-XXXXX (Specific CVE identifiers are detailed in the linked vendor advisory)
- **CVSS Score:** N/A (Standard for Chrome updates; severity typically ranges from Medium to High)
- **CWE:** Commonly includes Use-After-Free, Type Confusion, and Out-of-bounds memory access.
## Affected Systems
- **Products:** Google Chrome for Desktop
- **Versions:**
- Windows: Versions prior to 145.0.7632.109/.110
- macOS: Versions prior to 145.0.7632.109/.110
- Linux: Versions prior to 144.0.7559.109
- **Configurations:** All standard installations of Chrome on the affected operating systems.
## Vulnerability Description
While the specific technical flaws are detailed in the individual CVEs within the Google advisory, these updates typically address memory safety issues in the V8 JavaScript engine, rendering components, or sandbox escape vulnerabilities. At this scale of versioning (v144/145), Google typically addresses memory corruption bugs that could lead to arbitrary code execution within the browser's context.
## Exploitation
- **Status:** Check vendor advisory for "exploited in the wild" tags; typically, these are identified through internal audits or bug bounty programs.
- **Complexity:** Medium (Generally requires enticing a user to visit a malicious website).
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Potential to leak browser data)
- **Integrity:** High (Potential for unauthorized code execution)
- **Availability:** High (Commonly leads to browser crashes/denial of service)
## Remediation
### Patches
Update to the following versions or later:
- **Windows/Mac:** 145.0.7632.109/110
- **Linux:** 144.0.7559.109
### Workarounds
- There are no practical workarounds for web browser vulnerabilities other than updating the software.
- Ensure "Safe Browsing" is enabled to minimize the risk of visiting malicious sites.
## Detection
- **Indicators of Compromise:** Unusual browser crashes, unexpected background processes, or unauthorized changes to browser settings.
- **Detection Methods and Tools:** Audit installed software versions across the enterprise using Endpoint Detection and Response (EDR) tools or vulnerability scanners to identify out-of-date Chrome binaries.
## References
- Canadian Centre for Cyber Security Advisory: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/google-chrome-security-advisory-av26-145
- Google Chrome Releases Blog: hxxps[://]chromereleases[.]googleblog[.]com/2026/02/stable-channel-update-for-desktop_18[.]html