Google has rolled out an update for Chrome, version 148, addressing a total of 79 security vulnerabilities. This update includes fixes for 14 critical-severity bugs found across various components of the browser.
Key Critical Vulnerabilities Patched
Among the critical issues addressed, a significant one is a heap buffer overflow in WebML, identified as CVE-2026-8509. The severity of this flaw warranted a $43,000 bug bounty, indicating its potential for remote code execution.
Another critical flaw, CVE-2026-8510, concerns an integer overflow in Skia, for which the researcher received a $25,000 reward. These vulnerabilities highlight the importance of robust security measures.
Additional Critical and High-Severity Fixes
Google’s security team discovered and resolved 12 other critical vulnerabilities. These include use-after-free bugs in various components like UI and FileSystem, and other issues such as an object lifecycle flaw in WebShare and a race condition in Payments.
In addition to critical fixes, the update also addresses 37 high-severity issues, which comprise use-after-free, out-of-bounds write, and type confusion defects. Google has awarded $44,000 in bug bounty rewards for some of these high-severity flaws, but total payouts may increase as further details are disclosed.
Broader Security Improvements and Rollout
The Chrome 148 update is being deployed as version 148.0.7778.167 for Linux, with versions 148.0.7778.167/168 for Windows and macOS. Notably, there have been no reports of these vulnerabilities being exploited in the wild.
Accompanying this update, Firefox has also released a security update, version 150.0.3, which resolves five high-severity vulnerabilities in components such as JIT and WebAssembly.
These updates underscore the ongoing efforts by browser developers to enhance security and protect users from potential exploits.
As technology evolves, the importance of regular updates cannot be overstated, ensuring the safety and integrity of digital platforms.
