Chrome 148 Update Patches Critical Vulnerabilities

Google has released the Chrome 148 update, which resolves 79 vulnerabilities in the browser, including 14 rated critical. The fixes cover multiple components and arrive as part of the regular stable channel rollout. The most severe issues include a heap buffer overflow in WebML tracked as CVE-2026-8509. Google awarded a $43,000 bug bounty for the report. A second critical flaw, CVE-2026-8510, involves an integer overflow in the Skia graphics library and carried a $25,000 reward. The remaining 12 critical defects were identified internally and consist of use-after-free errors across UI, FileSystem, Input, Aura, HID, Blink, Tab Groups, and Downloads, plus an insufficient input validation problem in DataTransfer, an object lifecycle issue in WebShare, an integer overflow in ANGLE, and a race condition in Payments.

High Severity Fixes Included

The update also closes 37 high-severity weaknesses. These span use-after-free conditions, out-of-bounds writes, heap buffer overflows, integer overflows, and type confusion bugs. Google paid out $44,000 in bounties for four of the high-severity reports, with individual rewards reaching $25,000 and $10,000. No evidence has surfaced that any of the newly addressed flaws were under active exploitation before the release.

Current Versions And Availability

The Chrome 148 update is now available as version 148.0.7778.167 on Linux and versions 148.0.7778.167 and 148.0.7778.168 on Windows and macOS. Users receive the update automatically through the browser’s built-in mechanism.

Mitigation Steps

Organizations should verify that endpoint management tools have deployed the new version across all managed devices and confirm that automatic updates remain enabled in enterprise policies. Security teams can review internal logs for any unusual browser process behavior that predates the patch. Partners and vendors that integrate with Chrome through extensions or enterprise APIs should test their components against the updated build to ensure continued compatibility. Individuals can apply the fix by opening Chrome, navigating to the Help menu, and selecting About Google Chrome. The browser checks for the update and installs it after a restart. For broader device protection against remaining threats, users can install Malwarebytes through this link: https://www.dpbolvw.net/click-5976450-13801426. Firefox received a separate security release in version 150.0.3 that addresses five high-severity issues in its scripting and profile components. Organizations running mixed browser environments should confirm both products sit at current versions. The Chrome 148 update follows the standard disclosure timeline without public indicators of prior exploitation. Regular checks of the browser version remain the most direct way to stay protected.