Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex

Stable Channel Update for ChromeOS / ChromeOS Flex

Thursday, February 26, 2026

M-145, ChromeOS version 16552.47.0 (Browser version 145.0.7632.154) has rolled out to ChromeOS devices on the Stable channel.

If you find new issues, please let us know one of the following ways:

File a bug
Visit our ChromeOS communities

General: Chromebook Help Community
Beta Specific: ChromeOS Beta Help Community

Report an issue or send feedback on Chrome
Interested in switching channels? Find out how.

Security Fixes and Rewards

ChromeOS Vulnerability Rewards Program Reported Bug Fixes:

N/A

Other 3rd Party Security Fixes Included:

High Fixes CVE-2025-38349 kernel Use-After-Free (UAF) fix

High Fixes CVE-2025-0932 potential UAF in the ARM shader compiler reachable through WebGPU

High Fixes CVE-2025-21704 buffer size check in the USB CDC-ACM driver

Android Security fixes can be found here

Chrome Browser Security Fixes:

[$TBD] [478560268] High CVE-2026-2314 blink_avif_decoder_fuzzer: Heap-buffer-overflow in InterpolateRow_Any_AVX2 on 2026-01-25

[$1000.0] [470928605] Low CVE-2026-2322 On Ubuntu (or other Linux-based systems) an attacker can steal files uploaded to other sites with little user interaction. on 2025-12-22

[$500.0] [467442136] Low CVE-2026-2323 when the filename contains a very long with special character can break/remove the extension of file in download buble Reported by [[goes here]] on 2025-12-09

[$8000.0] [467297219] High CVE-2026-2313 Use-After-Poison in RouteMap::UpdateActiveRoutes on 2025-12-09

[$2000.0] [464173573] Medium CVE-2026-2317 KeyframeEffect constructor leaks UA shadow root. Reported by [Brendan Draper] on 2025-11-27

[$TBD] [461877477] Medium CVE-2026-2321 heap-use-after-free : base::ScopedObservationTraits<ui::WaylandWpColorManager, ui::WaylandWpColorManager::Observer>::RemoveObserver on 2025-11-18

[$TBD] [435684924] Medium CVE-2026-2320 Security: Compromised renderer can read files through file picker dialog with kSave mode + prefilled filename Reported by [Alesandro Ortiz https://AlesandroOrtiz.com] on 2025-08-01

[$5000.0] [422531206] Medium CVE-2026-2316 Intersection Observer v2 API fails to correctly determine target's visibility for dynamically changed z-indexes, enabling clickjacking against Google One Tap Reported by [Luan Herrera (@lbherrera_)] on 2025-06-04

[$1000.0] [363930141] Medium CVE-2026-2318 User can unknowingly Execute External File Hidden behind PiP during Interaction Reported by [Shaheen Fazim] on 2024-09-02

[$1000.0] [40071155] Medium CVE-2026-2319 UAF in v8_inspector DomainDispatcherImpl on 2023-09-01

[$TBD] [483569511] High CVE-2026-2441 Heap-use-after-free in blink::FontFeatureValuesMapIterationSource::FetchNextItem Reported by [Shaheen Fazim] on 2026-02-11

[$11000.0] [481074858] High CVE-2026-2649 V8: Integer Truncation in Turboshaft PhiOp input_count via WASM br_table Reported by [JunYoung Park(@candymate) of KAIST Hacking Lab] on 2026-02-02

[$11000.0] [477033835] High CVE-2026-2648 PDFium heap-buffer-overflow at opj_j2k_read_sod Reported by [soiax] on 2026-01-19

[$TBD] [476461867] Medium CVE-2026-2650 media_pipeline_integration_fuzzer: Heap-buffer-overflow in media::AudioBuffer::AudioBuffer on 2026-01-17

Andy Wu

Google ChromeOS