Full Report
Google Chrome security advisory (AV26-194)
Analysis Summary
# Vulnerability: Google Chrome Stable Channel Multiple Vulnerabilities (March 2026)
## CVE Details
*Note: The primary advisory (AV26-194) references several vulnerabilities addressed in the latest stable channel update. For specific CVE breakdowns, refer to the Google Chrome Releases blog.*
- **CVE ID:** CVE-2026-XXXX (Multiple)
- **CVSS Score:** N/A (Google does not typically provide internal CVSS, but these are rated as **High** severity by the vendor)
- **CWE:** Commonly includes Use-After-Free, Out-of-bounds Write, and Type Confusion.
## Affected Systems
- **Products:** Google Chrome for Desktop
- **Versions:**
  - Chrome for Windows & Mac: Versions prior to 145.0.7632.159/160
  - Chrome for Linux: Versions prior to 145.0.7632.159
- **Configurations:** Default installations of the Chrome browser on desktop platforms.
## Vulnerability Description
This advisory addresses various security flaws discovered within the Chromium engine. While the specific technical breakdowns for each CVE are often restricted until a majority of users are updated, these updates typically remediate:
- **Memory Corruption Issues:** Flaws in components like V8 (JavaScript engine), Dawn, or Blink that could allow for unauthorized memory access.
- **Sanitization Failures:** Flaws that could lead to sandbox escapes or arbitrary code execution (ACE) if a user visits a malicious website.
## Exploitation
- **Status:** Not currently reported as exploited in the wild (refer to the official Chrome releases blog for any updates regarding "zero-day" status).
- **Complexity:** Medium to High
- **Attack Vector:** Network (Remote) – Typically requires a user to navigate to a specially crafted malicious webpage.
## Impact
- **Confidentiality:** High (Potential for data theft)
- **Integrity:** High (Potential for arbitrary code execution)
- **Availability:** High (Potential for application crashes and instability)
## Remediation
### Patches
Google has released the following versions to address these vulnerabilities. Users should update to these versions or higher:
- **Windows/Mac:** 145.0.7632.159/160
- **Linux:** 145.0.7632.159
### Workarounds
There are no official workarounds that substitute for a patch. To minimize risk:
- Avoid visiting untrusted or suspicious websites.
- Enable Chrome's "Enhanced Protection" in Privacy and Security settings.
## Detection
- **Indicators of Compromise:** Browser crashes when loading specific web content; unauthorized processes spawning from `chrome.exe`.
- **Detection methods:** Administrators can verify the installed version of Chrome via Group Policy (GPO) or endpoint management tools (e.g., SCCM, Jamf, or Intune).
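
The version check described above can be run over an exported endpoint inventory. The following is an added example, not part of the advisory or any vendor tooling: the row format, hostnames and sample versions are constructed, and it assumes any Windows/Mac build at or above 145.0.7632.159 carries the fix.

```python
import re

# Lowest fixed build per platform, taken from the advisory. For Windows/Mac the
# advisory lists "159/160"; assumption: any build >= .159 carries the fix.
FIXED_BUILD = {
    "windows": (145, 0, 7632, 159),
    "mac": (145, 0, 7632, 159),
    "linux": (145, 0, 7632, 159),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome version."""
    match = _VERSION_RE.match((text or "").strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one inventory row."""
    fixed = FIXED_BUILD.get((platform or "").strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # surface for manual review instead of assuming safe
    # Compare numerically: as strings, "145.0.7632.99" sorts after "...159".
    return "patched" if version >= fixed else "vulnerable"


def audit(rows):
    """Map each hostname to its status; rows are (host, platform, version)."""
    return {host: classify(platform, version) for host, platform, version in rows}


# Constructed sample inventory, shaped like an endpoint-management export.
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "145.0.7632.160"),
    ("ws-002", "Windows", "145.0.7632.99"),
    ("mac-01", "Mac", "145.0.7632.159"),
    ("lnx-07", "Linux", "144.0.7559.132"),
    ("lnx-08", "Linux", "146.0.7650.12"),
    ("kiosk3", "ChromeOS", "145.0.7632.159"),
    ("ws-003", "Windows", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as `unknown` (unrecognised platform or unparseable version) should be reviewed manually, not counted as patched.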
## References
- Canadian Centre for Cyber Security Advisory: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/google-chrome-security-advisory-av26-194
- Google Chrome Releases Blog: hxxps[://]chromereleases[.]googleblog[.]com/2026/03/stable-channel-update-for-desktop[.]html