The ChromeOS Stable channel is being updated to OS version 16581.42.0 (Browser version 146.0.7680.169) for most ChromeOS devices.
Visit our ChromeOS communities
General: Chromebook Help Community
Beta Specific: ChromeOS Beta Help Community
Report an issue or send feedback on Chrome
Interested in switching channels? Find out how.
Luis Menezes
Google ChromeOS
Security Fixes and Rewards
N/A
Android Security fixes can be found here
[$TBD] [487338366] High CVE-2026-3924 Use after free in WindowDialog. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-25
[$TBD] [485935314] High CVE-2026-3923 Use after free in WebMIDI. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-20
[$3000.0] [485397139] High CVE-2026-3922 Use after free in MediaStream. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18
[$2000.0] [484946544] High CVE-2026-3921 Use after free in TextEncoding. Reported by Pranamya Keshkamat & Cantina.xyz on 2026-02-17
[$43000.0] [483971526] High CVE-2026-3915 Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-12
[$10000.0] [483853103] High CVE-2026-3918 Use after free in WebMCP. Reported by Syn4pse on 2026-02-12
[$11000.0] [483569512] High CVE-2026-3917 Use after free in Agents. Reported by Syn4pse on 2026-02-11
[$33000.0] [483445078] Critical CVE-2026-3913 Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10
[$36000.0] [482828615] High CVE-2026-3916 Out of bounds read in Web Speech. Reported by Grischa Hauser on 2026-02-09
[$TBD] [482875307] High CVE-2026-3920 Out of bounds memory access in WebML. Reported by Google on 2026-02-09
[$43000.0] [481776048] High CVE-2026-3914 Integer overflow in WebML. Reported by cinzinga on 2026-02-04
[$TBD] [479326680] Medium CVE-2026-3935 Incorrect security UI in WebAppInstalls. Reported by Barath Stalin K on 2026-01-28
[$TBD] [478783560] Medium CVE-2026-3934 Insufficient policy enforcement in ChromeDriver. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-26
[$7000.0] [478659010] Medium CVE-2026-3926 Out of bounds read in V8. Reported by qymag1c on 2026-01-26
[$2000.0] [477180001] Medium CVE-2026-3929 Side-channel information leakage in ResourceTiming. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-01-20
[$0.0] [475238879] Low CVE-2026-3942 Incorrect security UI in PictureInPicture. Reported by Barath Stalin K on 2026-01-12
[$3000.0] [474948986] Medium CVE-2026-3927 Incorrect security UI in PictureInPicture. Reported by Barath Stalin K on 2026-01-11
[$2000.0] [474763968] Low CVE-2026-3938 Insufficient policy enforcement in Clipboard. Reported by vicevirus on 2026-01-10
[$1000.0] [474670215] Low CVE-2026-3941 Insufficient policy enforcement in DevTools. Reported by Lyra Rebane (rebane2001) on 2026-01-10
[$1000.0] [470574526] Low CVE-2026-3940 Insufficient policy enforcement in DevTools. Reported by Jorian Woltjer, Mian, bug_blitzer on 2025-12-21
[$2000.0] [444176961] High CVE-2026-3919 Use after free in Extensions. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2025-09-10
[$2000.0] [435980394] Medium CVE-2026-3928 Insufficient policy enforcement in Extensions. Reported by portsniffer443 on 2025-08-03
[$3000.0] [417599694] Medium CVE-2026-3931 Heap buffer overflow in Skia. Reported by Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2025-05-14
[$1000.0] [40058077] Low CVE-2026-3939 Insufficient policy enforcement in PDF. Reported by NDevTK on 2021-11-30
