M-145, ChromeOS version 16552.47.0 (Browser version 145.0.7632.154) has rolled out to ChromeOS devices on the Stable channel.
If you find new issues, please let us know one of the following ways:
-
Visit our ChromeOS communities
-
General: Chromebook Help Community
-
Beta Specific: ChromeOS Beta Help Community
-
Interested in switching channels? Find out how.
Security Fixes and Rewards
ChromeOS Vulnerability Rewards Program Reported Bug Fixes:
N/A
Other 3rd Party Security Fixes Included:
High Fixes CVE-2025-38349 kernel Use-After-Free (UAF) fix
High Fixes CVE-2025-0932 potential UAF in the ARM shader compiler reachable through WebGPU
High Fixes CVE-2025-21704 buffer size check in the USB CDC-ACM driver
Android Security fixes can be found here
Chrome Browser Security Fixes:
[$TBD] [478560268] High CVE-2026-2314 blink_avif_decoder_fuzzer: Heap-buffer-overflow in InterpolateRow_Any_AVX2 on 2026-01-25
[$1000.0] [470928605] Low CVE-2026-2322 On Ubuntu (or other Linux-based systems) an attacker can steal files uploaded to other sites with little user interaction. on 2025-12-22
[$500.0] [467442136] Low CVE-2026-2323 when the filename contains a very long with special character can break/remove the extension of file in download buble Reported by [[goes here]] on 2025-12-09
[$8000.0] [467297219] High CVE-2026-2313 Use-After-Poison in RouteMap::UpdateActiveRoutes on 2025-12-09
[$2000.0] [464173573] Medium CVE-2026-2317 KeyframeEffect constructor leaks UA shadow root. Reported by [Brendan Draper] on 2025-11-27
[$TBD] [461877477] Medium CVE-2026-2321 heap-use-after-free : base::ScopedObservationTraits<ui::WaylandWpColorManager, ui::WaylandWpColorManager::Observer>::RemoveObserver on 2025-11-18
[$TBD] [435684924] Medium CVE-2026-2320 Security: Compromised renderer can read files through file picker dialog with kSave mode + prefilled filename Reported by [Alesandro Ortiz https://AlesandroOrtiz.com] on 2025-08-01
[$5000.0] [422531206] Medium CVE-2026-2316 Intersection Observer v2 API fails to correctly determine target’s visibility for dynamically changed z-indexes, enabling clickjacking against Google One Tap Reported by [Luan Herrera (@lbherrera_)] on 2025-06-04
[$1000.0] [363930141] Medium CVE-2026-2318 User can unknowingly Execute External File Hidden behind PiP during Interaction Reported by [Shaheen Fazim] on 2024-09-02
[$1000.0] [40071155] Medium CVE-2026-2319 UAF in v8_inspector DomainDispatcherImpl on 2023-09-01
[$TBD] [483569511] High CVE-2026-2441 Heap-use-after-free in blink::FontFeatureValuesMapIterationSource::FetchNextItem Reported by [Shaheen Fazim] on 2026-02-11
[$11000.0] [481074858] High CVE-2026-2649 V8: Integer Truncation in Turboshaft PhiOp input_count via WASM br_table Reported by [JunYoung Park(@candymate) of KAIST Hacking Lab] on 2026-02-02
[$11000.0] [477033835] High CVE-2026-2648 PDFium heap-buffer-overflow at opj_j2k_read_sod Reported by [soiax] on 2026-01-19
[$TBD] [476461867] Medium CVE-2026-2650 media_pipeline_integration_fuzzer: Heap-buffer-overflow in media::AudioBuffer::AudioBuffer on 2026-01-17
Andy Wu
Google ChromeOS