Google has once again released an alert, detailing eight high-risk security vulnerabilities recently patched in its Chrome browser. These classic types of flaws affect various critical areas, including audio processing, authentication functions, graphic rendering, page display, and font handling.
Two of these are heap buffer overflow vulnerabilities (CVE-2026-4673 in WebAudio and CVE-2026-4675 in WebGL). They occur when a component writes more data than it should into a dynamic memory area (the “heap”), overwriting adjacent data. Depending on how they manifest or are exploited, these can lead to crashes, disrupt normal browser operation, and in severe cases, allow for arbitrary code execution.
Additionally, two out-of-bounds read flaws were addressed: one in CSS (CVE-2026-4674) and another in WebAudio (CVE-2026-4677). These result from attempting to access data beyond the memory region a component is authorized to read. While not always immediately visible, such errors can cause malfunctions, expose sensitive information in memory, and in certain contexts, facilitate more advanced exploitation.
Google also patched three use-after-free vulnerabilities affecting Dawn (CVE-2026-4676), WebGPU (CVE-2026-4678), and FedCM (CVE-2026-4680). These errors occur when a program attempts to use a memory resource after it has already been freed. This can lead to browser crashes, unpredictable behavior, or potentially the execution of malicious code.
The final reported vulnerability, CVE-2026-4679, is an integer overflow found in the Fonts component. This happens when a calculation produces a value larger than the variable can store, potentially corrupting data processing and compromising the browser’s stability.
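The integer overflow and out-of-bounds read classes described above, shown as a generic C illustration with the defensive checks that prevent them. This is an added example, not Chrome's code and not a reproduction of any listed CVE; the record size, function names and sample inputs are constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RECORD_SIZE 16u  /* hypothetical fixed record size, constructed for this example */

/* Unchecked size calculation: the 32-bit product wraps modulo 2^32, so a
 * very large count produces a small byte size and an undersized buffer. */
uint32_t table_bytes_unchecked(uint32_t count) {
    return count * RECORD_SIZE;
}

/* Checked form: refuse any count whose byte size cannot be represented.
 * Returns 0 and stores the size on success, -1 on overflow. */
int table_bytes_checked(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / RECORD_SIZE)
        return -1;
    *out = count * RECORD_SIZE;
    return 0;
}

/* Bounds-checked record read: the offset is validated against the real
 * buffer length before any byte is copied, so an index past the end is
 * rejected instead of reading adjacent memory. */
int read_record(const uint8_t *buf, size_t buf_len, uint32_t index,
                uint8_t out[RECORD_SIZE]) {
    if (index > SIZE_MAX / RECORD_SIZE)
        return -1;
    size_t off = (size_t)index * RECORD_SIZE;
    if (off > buf_len || buf_len - off < RECORD_SIZE)
        return -1;
    memcpy(out, buf + off, RECORD_SIZE);
    return 0;
}

int main(void) {
    uint32_t count = 0x10000001u;  /* constructed input: count * 16 exceeds 32 bits */
    uint32_t bytes = 0;
    printf("unchecked size: %u bytes\n", (unsigned)table_bytes_unchecked(count));
    printf("checked result: %d\n", table_bytes_checked(count, &bytes));

    uint8_t table[4 * RECORD_SIZE] = {0}, rec[RECORD_SIZE];
    printf("read index 3: %d\n", read_record(table, sizeof table, 3, rec));
    printf("read index 4: %d\n", read_record(table, sizeof table, 4, rec));
    return 0;
}
```

The unchecked calculation reports 16 bytes for more than 268 million records, which is how a wrapped size turns into a buffer that is too small for the data later written to or read from it.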
