Just two days earlier, on March 10th, Google released the new major version Chrome 146, which you can read about in this Chrome Releases blog post. That update fixed 29 security vulnerabilities, almost all of which were reported by external security researchers. One of the vulnerabilities (CVE-2026-3913) is classified as critical, a buffer overflow in the WebML component. Tobias Wienand, the discoverer of this vulnerability, was rewarded $33,000 for it. He also got an additional $43,000 for CVE-2026-3915, another WebML buffer overflow (although that one only classified as high risk). Eleven se
Emergency Chrome 146 update patches 2 zero-day vulnerabilities… None of these vulnerabilities are being exploited in the wild yet. In the Chrome Releases blog post, Srinivas Sista lists all the vulnerabilities that have been fixed, not just the ones discovered by external security researchers. …
… That update fixed 29 security vulnerabilities, almost all of which were reported by external security researchers. One of the vulnerabilities CVE-2026-3913 is classified as critical, a buffer overflow in the WebML component. …
… In the Chrome Releases blog post, Srinivas Sista lists the 26 security vulnerabilities that have been fixed. They were predominantly discovered by external security researchers and reported to Google. …
… In other words, they're architecting digital solutions for different classes of vulnerabilities that eliminate them or make them significantly less exploitable in practice. “You can’t patch your way out of this,” says longtime security engineer and researcher Niels Provos. “You need to build infras…
… The report also mentions AI as a target for attackers, saying “GTIG has observed adversaries increasingly target the integrated components that grant AI systems their utility, such as autonomous skills and third-party data connectors.” Google’s report also details how hackers are using “persona-dri… …
… As part of Google's Cybersecurity Awareness Month campaign in October, we hosted our very own security conference in Mexico City, ESCAL8 . …
… Tools like GitHub Copilot Autofix generate patches for flagged vulnerabilities directly with proposed code changes. Several open-source security initiatives are also experimenting with autonomous AI maintainers for under-resourced projects. …
… Bug-Finding at the Speed of AI AI-accelerated and enhanced automated security sweeps have flipped the traditional cybersecurity bottleneck. Finding vulnerabilities used to be the hard part. …
… Done not carefully, this could be a meaningfully accelerant for attackers.” Project Glasswing partners, including some of Anthropic's competitors, struck a collaborative tone in statements as part of the launch. “Google is pleased to see this cross-industry cybersecurity initiative coming together,… …
… From there, new AI vulnerabilities are sourced, reproduced, and catalogued internally to ensure our products are not impacted. Vulnerability catalog All newly discovered vulnerabilities go through a comprehensive analysis process performed by the Google Trust, Security, & Safety teams. …
