Google has introduced the Chrome 148 update, which significantly enhances browser security by addressing 151 vulnerabilities. Among these, 22 are classified as critical, highlighting the importance of this update for users.
Critical Vulnerabilities Addressed
Two of the most severe vulnerabilities, CVE-2026-9872 and CVE-2026-9873, have been resolved, each involving substantial security risks. These vulnerabilities relate to an out-of-bounds write issue in the GPU and a use-after-free flaw in the Network, respectively. The researchers who identified these issues were awarded $43,000 each.
In addition to these, three more critical vulnerabilities were identified by external investigators. These include CVE-2026-9874, a use-after-free issue in Dawn; CVE-2026-9875, an out-of-bounds read in WebGL; and CVE-2026-9876, another use-after-free vulnerability in WebGL.
Prevalent Security Flaws and Their Implications
The majority of critical flaws fixed in this update are use-after-free bugs. This type of memory safety issue can be exploited by attackers to execute remote code and bypass Chrome’s security measures, potentially compromising entire systems.
Alongside these critical fixes, the update also rectifies 123 high-severity and six medium-severity vulnerabilities. Use-after-free bugs are predominant among these, followed by issues related to inadequate validation of untrusted input and out-of-bounds errors.
Impact of AI on Vulnerability Detection
Google reports having paid over $130,000 in bug bounties for ten of the externally reported flaws. This figure may increase as payments for several other vulnerabilities have not yet been disclosed.
Most vulnerabilities in this update were identified internally by Google, a trend that has been consistent in recent updates. The surge in detected vulnerabilities, with over 350 issues resolved in Chrome 148, appears to be driven by the integration of AI in the detection process. This development also influenced Google’s decision to reduce bug bounty rewards last month.
The Chrome 148 update is now being deployed across various platforms, with versions 148.0.7778.216/217 available for Windows, 148.0.7778.215/216 for macOS, and 148.0.7778.215 for Linux.
It is crucial for users to update to the latest version to ensure their systems are protected against these vulnerabilities.
