Google released a stable channel Chrome update on March 23, 2026 that fixes several high-severity bugs. Two stand out because they sit in the browser’s graphics stack, the part that opens the most attack surface once a page starts drawing in 3D: a heap buffer overflow in WebGL (CVE-2026-4675) and a use-after-free in Dawn (CVE-2026-4676).
Dawn is the WebGPU implementation built into Chrome. It’s the layer that talks to the GPU so pages can run accelerated graphics and compute. A use-after-free there means the browser keeps using a memory object it already freed. If an attacker controls what lands in that freed slot, they can steer execution and, chained with other bugs, try to break out of the browser sandbox. That’s the usual path that turns a memory bug into code execution outside Chrome’s protections.
The WebGL bug (CVE-2026-4675) is a heap buffer overflow. The idea is similar: a page crafted for it forces a write past the allocated buffer and corrupts neighbouring structures in memory. Both flaws are reachable remotely. There’s nothing to download and no odd permissions to grant; visiting a page built to trigger the issue is enough.
Who is affected
Anyone running Chrome older than the fixed build, on all three desktop platforms. Google shipped Chrome 146.0.7680.164/165 for Windows and macOS, and 146.0.7680.164 for Linux. Since Chromium is the base for Edge, Brave, Opera, Vivaldi and the default browser on many distributions, those browsers carry the same WebGL and Dawn code until each one ships its own update. If you use one of them, check its version too.
Severity
Google rated both as high severity, not critical. There’s no record of these two being exploited in the wild at patch time, unlike the Skia and V8 zero-days Google had fixed a few days earlier. Even so, use-after-free bugs in graphics components are common building blocks in sandbox-escape exploit chains, so it’s not wise to leave them unpatched for long.
Mitigation
Update Chrome. Most installs update themselves, but the patch only takes effect after a restart. Go to Menu → Help → About Google Chrome, let it check the version, and click Relaunch when prompted. Confirm the version is 146.0.7680.164 or later (165 on Windows and macOS). On Linux, if you installed Chrome from Google’s repository, an apt upgrade or dnf upgrade will pull the fixed package. For Chromium and derived browsers, wait for or force your distribution’s package update.