Chrome critical update

Stable channel desktop builds landed as 146.0.7680.153/154 for Windows and macOS and 146.0.7680.153 for Linux, with the rollout beginning March 18, 2026. (chromereleases.googleblog.com) Google publicly identified two high‑severity zero‑day CVEs — CVE‑2026‑3909 (Skia) and CVE‑2026‑3910 (V8) — that had evidence of active exploitation and listed mitigation versions to apply. (thehackernews.com) The update closes defects across core browser components including WebGL, V8, WebRTC, Blink, ANGLE, CSS, Skia, PDFium, the networking stack and the Digital Credentials API, and addresses multiple out‑of‑bounds, use‑after‑free and type‑confusion memory‑safety bugs. (cyberpress.org) Chrome Releases notes that detailed bug reports and links may be held restricted until a majority of users have applied the fixes. (chromereleases.googleblog.com) Chrome Enterprise supplies an MSI for managed Windows installs and a cloud Admin console that can manage Chrome on Windows, macOS, Linux, iOS and Android while enforcing 100+ machine‑level policies and reporting browser versions across a fleet. (support.google.com) Google’s Updates technical document catalogs four enterprise update strategies — Auto‑update (recommended), version pinning by milestone, pinning by full version, and full manual updates — and includes guidance on maintenance windows, staggered rollouts and caching to limit bandwidth during mass updates. (storage.googleapis.com) On Windows, Google Update settings can be managed via Group Policy and ADM/ADMX templates, and Microsoft Intune workflows support importing Chrome ADMX to enforce auto‑update behavior and scheduling across managed devices. (support.google.com) (prajwaldesai.com)