Google Chrome 145 Security Update: 11 Vulnerabilities Patched, $18,000 in Bug Bounties

Google has officially rolled out Chrome 145 to the stable channel, delivering critical security fixes across multiple components of the browser. The update addresses 11 vulnerabilities, including three high‑severity issues, and rewards researchers with over $18,000 in bug bounties.

High-Severity Vulnerabilities in Chrome 145

Three major flaws were patched in this release:

• CVE-2026-2313: A use-after-free in CSS, reported externally, earned the researcher an $8,000 bounty.
• CVE-2026-2314: A heap buffer overflow in Codecs, discovered internally by Google.
• CVE-2026-2315: An inappropriate implementation in WebGPU, also reported by Google’s team.

These issues highlight the ongoing risks in rendering engines and multimedia handling, areas frequently targeted by attackers.

Medium-Severity Vulnerabilities

Several medium-severity bugs were also patched:

• CVE-2026-2316: Insufficient policy enforcement in Frames → $5,000 reward.
• CVE-2026-2317: Inappropriate implementation in Animation → $2,000 reward.
• Inappropriate implementation in PictureInPicture → $1,000 reward.
• Inappropriate implementation in File Input → reward pending disclosure.
• Race condition in DevTools.
• Use-after-free in Ozone.

Low-Severity Vulnerabilities

Two low-severity issues were resolved:

• Inappropriate implementation in File Input.
• Inappropriate implementation in Downloads.

 

Bug Bounty Rewards

Google’s bug bounty program continues to incentivize security research. In this release:

• Highest payout: $8,000 for the CSS use-after-free.
• Total rewards: over $18,000 distributed among reporting researchers.

Chrome 145 Release Details

• Linux: Version 145.0.7632.45
• Windows & macOS: Versions 145.0.7632.45/46
• Google confirmed no active exploitation in the wild at the time of release.