FIX STATUS_INVALID_IMAGE_HASH in Chrome: 5 Fixes (2026)

Every tab dies on load, even chrome:// pages, right after an antivirus update, throwing Aw, Snap! Error code: STATUS_INVALID_IMAGE_HASH. Not malware, not a Chrome bug. Chrome’s renderer tried to load a DLL that failed signature verification, and Windows blocked it. The injector is almost always your antivirus. Update it, or set one registry value.

As of June 2026 (Chrome 149), this error is still live. Windows users report it after antivirus updates and Chrome auto-updates, the same pattern documented when Chrome introduced renderer code integrity in version 78. A May 2026 wave of “Aw, Snap” reports on Windows traced back to this exact mechanism. Nothing in recent Chrome releases removed the protection, so the fix below still applies.

Fix 1: Update Your Antivirus First

The crash happens because your antivirus injects a DLL into Chrome’s renderer that is not signed by Microsoft. Vendors fixed this by shipping properly signed DLLs. An outdated build is the single most common cause.

1. Open your antivirus (Symantec, Kaspersky, McAfee, or whichever you run).
2. Run its built-in update / “check for updates”.
3. Reboot, then relaunch Chrome.
4. If the crash stops, the signed DLL fixed it and you never have to touch the registry.

This is the correct fix. The registry edit below is the workaround for when the vendor has not shipped a signed build yet.

Fix 2: Disable RendererCodeIntegrity via Registry

If updating the antivirus did not help, you can tell Chrome to stop enforcing renderer code integrity. This lets the unsigned DLL load again, which removes the crash. It also removes a security layer, so treat it as temporary.

1. Press Win + R, type regedit, press Enter.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome. If the Chrome key does not exist, right-click Policies, choose New > Key, and name it Google, then create Chrome inside it.
3. Right-click in the right pane, choose New > DWORD (32-bit) Value, name it RendererCodeIntegrityEnabled.
4. Leave its value at 0.
5. Close regedit, fully quit Chrome, relaunch.

On Microsoft Edge, use the same steps with the path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge instead.

Re-enable the protection (delete the value, or set it to 1) once your antivirus vendor ships a signed update. Leaving it off indefinitely keeps Chrome’s renderer open to DLL injection.

Quick Diagnosis: Which Cause Is Yours

Fix 3: Test With a Clean Chrome Profile

A corrupt profile rarely causes this specific error, but it rules out a second variable before you blame the antivirus. The signature block is process-wide, so a clean profile that still crashes confirms the injector is the cause.

1. Quit Chrome completely.
2. Open %LOCALAPPDATA%\Google\Chrome\User Data\ in File Explorer.
3. Rename Default to Default_Backup.
4. Relaunch Chrome. It builds a fresh profile.
5. Still crashing? The profile is innocent. The injected DLL is the cause, so go to Fix 1 and Fix 2.

Fix 4: Check for the Injected Module

You can sometimes name the exact DLL Chrome is rejecting, which tells you which program to update or remove.

1. Reproduce the crash, then on the “Aw, Snap” page note whether it lists a module.
2. In Windows, open Event Viewer > Windows Logs > Application and look for an error logged against chrome.exe near the crash time.
3. The faulting module name (often ending in .dll) points to the responsible program.
4. Update or uninstall that program. If it is core antivirus, update rather than remove it.

On managed/work machines, this is frequently an endpoint-security agent pushed by IT. Send them the module name — they may have a signed build available.

Why This Error Exists at All

STATUS_INVALID_IMAGE_HASH is the visible symptom of a deliberate Chrome security boundary. Since Chrome 78, the RendererCodeIntegrity policy applies a Windows process-mitigation flag that tells the OS loader to refuse any binary not signed by Microsoft inside renderer processes. The renderer is where untrusted web content runs, so Google locked it against third-party code injection.

When antivirus, a screen reader, or an injection-based tool tries to load its DLL into that sandbox and the DLL is not Microsoft-signed, the loader rejects it. Chrome cannot continue with a half-loaded renderer, so the tab dies with this code. The “image” in the name is the executable image (the DLL); the “hash” is its signature check.

This is why the error is benign in origin: the thing being blocked is usually legitimate software, and the block itself is the protection. The fix is to make the injected code acceptable (update it so it is signed) or to lift the restriction (the registry value), not to scan for viruses.

When the Problem Is Too Many Injecting Extensions

The renderer-integrity block targets DLLs, not Chrome extensions — so an extension will not throw this exact code. But the broader lesson holds: every piece of software that injects into your pages is a crash vector. A page that loads ten content scripts from ten extensions has ten things that can fault.

SuperchargePerformance is a Manifest V3 extension. It never loads a DLL into Chrome and does its blocking through Chrome’s native declarative rules, so it adds no per-request JavaScript and no injected binary to the renderer. If part of your goal is a leaner, more stable Chrome with fewer moving parts running inside each page, consolidating onto fewer, cleaner extensions is the durable move. For this specific STATUS_INVALID_IMAGE_HASH crash, though, the registry fix above is what resolves it — no extension changes the antivirus DLL behavior.

If you run a single antivirus and the crash returns after every update, ask the vendor whether their current agent ships a Microsoft-signed renderer DLL. If they do not, keep RendererCodeIntegrityEnabled at 0 until they do, and re-enable it the moment they ship one.