Chrome 148 Update Patches 151 Vulnerabilities

Google this week released a fresh Chrome 148 update that resolves 151 vulnerabilities, including 22 critical-severity flaws.

Based on the paid bug bounties, the most severe of the resolved bugs are CVE-2026-9872 (out-of-bounds write issue in GPU) and CVE-2026-9873 (use-after-free weakness in Network), each earning the reporting researchers a $43,000 reward.

Three other critical security defects were also reported by external researchers: CVE-2026-9874 (use-after-free in Dawn), CVE-2026-9875 (out-of-bounds read in WebGL), and CVE-2026-9876 (use-after-free in WebGL).

Most of the critical-severity vulnerabilities patched with the latest Chrome update are use-after-free bugs. This type of memory safety issues could allow attackers to achieve remote code execution and to escape Chrome’s sandbox and potentially compromise the entire system.

The Chrome refresh also addresses 123 high-severity weaknesses and six medium-severity defects. Use-after-free bugs dominate the list, followed by insufficient validation of untrusted input and out-of-bounds issues.

The internet giant says it has paid over $130,000 in bug bounty rewards for 10 security flaws reported by external researchers. The final amount could be much higher, as Google has yet to disclose the amounts paid for several other vulnerabilities.

Advertisement. Scroll to continue reading.

Most of the security weaknesses resolved with the latest browser update were discovered by Google themselves, a common occurrence in recent Chrome refreshes.

Starting in late March, the number of vulnerabilities resolved with each update has increased significantly, with over 350 issues addressed in Chrome 148 alone, this update included.

With most of the flaws marked as “reported by Google”, the surge in vulnerability discoveries is likely driven by AI use, which also determined the company to lower Chrome bug bounties last month.

The latest Chrome iteration is now rolling out as versions 148.0.7778.216/217 for Windows, versions 148.0.7778.215/216 for macOS, and version 148.0.7778.215 for Linux.

What's Hot

Sony’s new TVs aren’t making the most of the PS5

The $ sign in Excel is tiny, but it’s why your formulas break when you move them

States push back against rising AI-driven electricity infrastructure costs

Chrome 148 Update Patches 151 Vulnerabilities

Exploit Code Published for Critical Flowise RCE Vulnerability

Russian Spies Are Aggressively Seeking Western Technology as Sanctions Bite, Officials Say

California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach

MokN Raises $15 Million for Phish-Back Platform

Charter Communications Data Breach Could Impact Nearly 5 Million

In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks

The iPad Air brand makes no sense – it needs a rethink

ChatGPT Group Chats are here … but not for everyone (yet)

Facebook updates its algorithm to give users more control over which videos they see

Our Picks

Sony’s new TVs aren’t making the most of the PS5

The $ sign in Excel is tiny, but it’s why your formulas break when you move them

States push back against rising AI-driven electricity infrastructure costs

Subscribe to Updates

What's Hot

Chrome 148 Update Patches 151 Vulnerabilities

Related Posts