Google has officially released Chrome 148, which is now available in the stable channel. This update addresses a significant number of security vulnerabilities, including three deemed critical. These enhancements are part of Google’s ongoing effort to maintain a secure browsing experience for users.
Addressing Critical Vulnerabilities
The update fixes an integer overflow issue within Blink, tracked as CVE-2026-7896, which posed a risk of heap memory corruption via specially crafted HTML pages. This critical flaw was reported earlier this year, with Google awarding a $43,000 bug bounty to the researcher responsible for its discovery.
In addition to this, two other critical vulnerabilities, classified as use-after-free issues and identified as CVE-2026-7897 and CVE-2026-7898, were found internally by Google. These affect the Mobile and Chromoting components, highlighting the importance of internal scrutiny in uncovering potential security threats.
High-Severity Vulnerabilities and Bounty Rewards
Beyond the critical fixes, Chrome 148 also resolves over 30 high-severity vulnerabilities. Most of these involve use-after-free bugs impacting various system components, such as ANGLE, SVG, DOM, and GPU among others. The most notable discovery was an out-of-bounds read and write issue in the V8 JavaScript engine, which earned a $55,000 reward for Project WhatForLunch.
Other high-severity issues addressed include heap buffer overflow, out-of-bounds memory accesses, and inadequate implementation and validation mechanisms across different components. These fixes are crucial in ensuring a robust security posture for Chrome users.
Medium and Low-Severity Fixes
More than 60 medium-severity issues were also addressed in this update, with a number of low-severity flaws being patched as well. Google continues to incentivize external researchers by awarding $138,000 in bug bounty rewards for their contributions, although the final payout could increase as more disclosures are made.
The rollout of Chrome 148 as version 148.0.7778.96 for Linux and versions 148.0.7778.96/97 for Windows and macOS underscores Google’s commitment to providing timely security updates. Users are encouraged to update their browsers to the latest version to benefit from these improvements.
For further reading, related updates include patches for critical vulnerabilities in Android and adjustments in Google’s bug bounty rewards in response to evolving security landscapes.
