
Chrome 148 Rolls Out With 127 Security Fixes

Google on Wednesday announced the promotion of Chrome 148 to the stable channel with 127 security fixes, including three for critical-severity vulnerabilities.

The first critical flaw is an integer overflow issue in Blink, tracked as CVE-2026-7896. It could allow remote attackers to exploit heap memory corruption via a crafted HTML page.

According to Google’s advisory, a $43,000 bug bounty reward was paid to the researcher who reported the flaw in mid-March.

The other two critical-severity security defects, both use-after-free weaknesses, were discovered by Google. Tracked as CVE-2026-7897 and CVE-2026-7898, they affect the Mobile and Chromoting components.

Chrome 148 also includes patches for over 30 high-severity vulnerabilities, most of which are use-after-free bugs impacting ANGLE, SVG, DOM, Fullscreen, Views, Aura, GPU, Skia, Passwords, ServiceWorker, Chromoting, WebRTC, PresentationAPI, and MediaRecording.

Per Google’s advisory, the highest bug bounty was paid for an out-of-bounds read and write issue in the V8 JavaScript engine. Project WhatForLunch received a $55,000 reward for the finding.


Other high-severity flaws addressed with the update include: heap buffer overflow in ANGLE, out-of-bounds memory access in V8, out-of-bounds read in Fonts, integer overflows in ANGLE and GPU, insufficient validation of untrusted input in Media, inappropriate implementation in ServiceWorker, insufficient policy enforcement in DevTools, type confusions in Accessibility and Runtime, insufficient data validation issues in DevTools and InterestGroups, out-of-bounds write in Skia, and uninitialized use in Dawn.

More than 60 of the security defects patched with the latest Chrome release are medium-severity flaws, while the remaining bugs are low-severity weaknesses.

While most of the addressed vulnerabilities were discovered by Google, the company says it paid $138,000 in bug bounty rewards to external researchers. The final amount could be much higher, as the internet giant has yet to disclose the amounts handed out for many of the resolved issues.

The latest Chrome iteration is now rolling out as version 148.0.7778.96 for Linux and as versions 148.0.7778.96/97 for Windows and macOS.
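To check a fleet against the fixed builds named above, the following added example (not part of the original article or of any Google tooling) audits an inventory of reported Chrome version strings. The `host,version string` inventory format, the hostnames and the sample versions are assumptions constructed for illustration.

```python
import re

# Fixed builds as stated in the article: 148.0.7778.96 for Linux,
# 148.0.7778.96/97 for Windows and macOS. The lower build is the floor.
FIXED_BUILD = (148, 0, 7778, 96)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory_lines):
    """Return {host: status}; status is 'patched', 'outdated' or 'unknown'."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, reported = line.partition(",")
        version = parse_version(reported)
        if version is None:
            status = "unknown"  # unparseable report: needs manual follow-up
        elif version >= FIXED_BUILD:  # numeric tuple compare, not string compare
            status = "patched"
        else:
            status = "outdated"
        results[host.strip()] = status
    return results


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = """\
# host,reported version string
build-01,Google Chrome 148.0.7778.96
desk-17,Google Chrome 148.0.7778.97
desk-22,Google Chrome 147.0.7700.120
kiosk-03,Google Chrome 148.0.7778.9
lab-09,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE.splitlines()).items():
        print(f"{host:10} {status}")
```

The `kiosk-03` entry shows why the comparison is done on integer tuples: as strings, `148.0.7778.9` would sort after `148.0.7778.96` and be reported as patched.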
