Out-of-bounds memory access in Google Chrome WebAudio

Successful exploitation allows a remote attacker to cause out-of-bounds memory access in the browser process through malicious web content. Depending on the exact memory corruption behavior and exploitability of the affected code path, this could result in browser instability or crash, information disclosure, or potentially arbitrary code execution. Supporting package guidance also notes that Chromium issues in this update set could lead to arbitrary code execution, denial of service, or information disclosure, but the precise impact for CVE-2026-3540 alone is not fully detailed in the provided content.

Apply the vendor update as the primary mitigation. Until patching is complete, reduce exposure by limiting access to untrusted websites and untrusted HTML content, using browser sandboxing and least-privilege endpoint controls, and restricting use of affected browser versions in high-risk environments. Because the issue is triggered via crafted web content, standard web isolation or remote browser isolation controls may also reduce risk where available.

Update Google Chrome/Chromium to version 145.0.7632.159 or later. Google released fixes in Chrome Stable 145.0.7632.159/160 for Windows and macOS and 145.0.7632.159 for Linux. Enterprise administrators should deploy the patched version across managed endpoints using standard update policy mechanisms.