Google has rolled out a massive security update for its Chrome browser, sealing a staggering 79 vulnerabilities before threat actors can exploit them.
With 14 of these flaws rated as critical, browsing the web on an outdated version leaves your entire system wide open to devastating cyberattacks.
The newest stable release bumps Chrome to 148.0.7778.167/168 on Windows and Mac, while Linux users will upgrade to 148.0.7778.167.
Google is deploying this patch over the coming days, but proactive users and enterprise administrators should trigger the update manually.
The sheer volume of this release highlights the constant battle against memory corruption bugs, particularly “Use-after-free” (UAF) and “Heap buffer overflow” flaws that commonly plague complex browser architectures.
As standard practice, Google keeps specific exploit details and proof-of-concept code restricted.
This creates a vital window for the global user base to install the patch before malware operators weaponize the disclosures.
However, the tech giant has already paid out hefty bug bounties to independent researchers, highlighting the severity of the findings.
The highest reward of $43,000 went to an external researcher who discovered a critical heap buffer overflow in the WebML component.
Critical Chrome Vulnerabilities Patched
Google released fixes for multiple memory management flaws that could let attackers execute arbitrary code through malicious HTML pages.
Below is a breakdown of the most severe vulnerabilities patched in this update that every security intelligence team needs to track.
| CVE ID | Component | Vulnerability Type | Reporter | Bounty |
|---|---|---|---|---|
| CVE-2026-8509 | WebML | Heap buffer overflow | c6eed09fc8b174b0f3eebedcceb1e792 | $43,000 |
| CVE-2026-8510 | Skia | Integer overflow | q@calif.io | $25,000 |
| CVE-2026-8511 | UI | Use after free | N/A | |
| CVE-2026-8512 | FileSystem | Use after free | N/A | |
| CVE-2026-8513 | Input | Use after free | N/A | |
| CVE-2026-8514 | Aura | Use after free | N/A | |
| CVE-2026-8515 | HID | Use after free | N/A | |
| CVE-2026-8516 | DataTransfer | Insufficient validation of untrusted input | N/A | |
| CVE-2026-8517 | WebShare | Object lifecycle issue | N/A | |
| CVE-2026-8518 | Blink | Use after free | N/A | |
| CVE-2026-8519 | ANGLE | Integer overflow | N/A | |
| CVE-2026-8520 | Payments | Race condition | N/A | |
| CVE-2026-8521 | Tab Groups | Use after free | N/A | |
| CVE-2026-8522 | Downloads | Use after free | N/A |
Threat actors heavily target browser vulnerabilities to bypass sandboxes, steal sensitive data, and compromise the underlying operating system.
Delaying this patch is a direct risk to your infrastructure. Take these immediate steps to secure your environment:
- Navigate to the three-dot menu in the top right corner of your Chrome browser.
- Select Help, then click on About Google Chrome.
- Allow the browser to fetch and install version 148 automatically.
- Click Relaunch to apply the security fixes and clear active sessions.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.