Google just patched 30 high-risk Chrome security vulnerabilities
… A vulnerability in WebRTC was reported by Mozilla. …
Search
All sources
androidauthority.com
12
blog.google
10
theregister.com
9
theverge.com
4
hothardware.com
4
androidpolice.com
4
9to5google.com
4
pcworld.com
3
wired.com
3
xda-developers.com
3
tweaktown.com
2
techcrunch.com
2
People also ask
What else is fixed in Chrome 146?
Just two days earlier, on March 10th, Google released the new major version Chrome 146, which you can read about in this Chrome Releases blog post. That update fixed 29 security vulnerabilities, almost all of which were reported by external security researchers. One of the vulnerabilities (CVE-2026-3913) is classified as critical, a buffer overflow in the WebML component. Tobias Wienand, the discoverer of this vulnerability, was rewarded $33,000 for it. He also got an additional $43,000 for CVE-2026-3915, another WebML buffer overflow (although that one only classified as high risk). Eleven se
Emergency Chrome 146 update patches 2 zero-day vulnerabilitiesTop stories
Emergency Chrome 146 update patches 2 zero-day vulnerabilities
… The zero-day security vulnerabilities The first zero-day security vulnerability is a bug in the Skia graphics library CVE-2026-3909 that allows write access to memory addresses outside the boundaries of a predefined buffer "out-of-bounds write" . …
Google Chrome 146 update fixes 3 critical security flaws
… In the Chrome Releases blog post, Srinivas Sista lists the 26 security vulnerabilities that have been fixed. They were predominantly discovered by external security researchers and reported to Google. …
The AI Era Is Creating a Bug-Hunting Arms Race
… They're submitted in a never-before-seen frequency and put us under serious load.” And at the end of April, Google announced that it was overhauling its Vulnerability Reward Programs for Chrome and Android and lowering payouts for some classes of bugs, while increasing others. “As the security rese… …
Discussions and forums
Google stopped a zero-day hack that it says was developed with AI
… This follows weeks of hand-wringing over the capabilities of cybersecurity-focused AI models like Anthropic’s Mythos and a recently disclosed Linux vulnerability that was discovered with AI assistance. …
VRP 2025 Year in Review
… Follow the Google VRP channel on X to stay in the loop and be sure to check out the Security Engineering blog, which covers topics ranging from VRP updates to security practices and vulnerability descriptions! …
Claude Mythos Finds Zero-Days—But Rust Quietly Shuts The Door
… The expectation is that AI-driven vulnerability discovery will follow the same arc. Organizations will integrate the tools into standard development practice, run them continuously, and establish a new baseline for security. …
Anthropic Project Glasswing Targets Safer AI Agents Before They Go Rogue
… Bug-Finding at the Speed of AI AI-accelerated and enhanced automated security sweeps have flipped the traditional cybersecurity bottleneck. …
Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything
… And so we do need a plan to respond to this.” Anthropic's Graham notes that in addition to vulnerability discovery—including producing potential attack chains and proofs of concept—Mythos Preview is capable of more advanced exploit development, penetration testing, endpoint security assessment, hun… …
Google Workspace’s continuous approach to mitigating indirect prompt injections
… Google AI Vulnerability Rewards Program VRP The Google AI Vulnerability Rewards Program VRP is a critical tool for enabling collaboration between Google and external security researchers who discover new attacks leveraging IPI. …