[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fl4X5mK6dBNC7PL9Wa8SgmOKWkW-RiZXAK8NhB_7Vwn0":3},{"article":4,"iocs":47},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":29,"category":30,"article_tags":34},"e4672013-e3ee-4ab1-b3d5-19835ded4419","Chrome 148 Update Patches 151 Vulnerabilities","chrome-148-update-patches-151-vulnerabilities-44e32b","The browser update resolves critical-severity security defects that could potentially lead to remote code execution. The post Chrome 148 Update Patches 151 Vulnerabilities appeared first on SecurityWeek.","Google released Chrome 148, resolving 151 vulnerabilities with 22 critical-severity flaws that could enable remote code execution and sandbox escape. The most severe issues are CVE-2026-9872 (out-of-bounds write in GPU) and CVE-2026-9873 (use-after-free in Network), each earning $43,000 bug bounty rewards. The update also patches 123 high-severity and 6 medium-severity weaknesses, with use-after-free bugs dominating the vulnerability landscape.","Chrome 148 update patches 151 vulnerabilities including 22 critical-severity flaws.","Google this week released a fresh Chrome 148 update that resolves 151 vulnerabilities, including 22 critical-severity flaws. Based on the paid bug bounties, the most severe of the resolved bugs are CVE-2026-9872 (out-of-bounds write issue in GPU) and CVE-2026-9873 (use-after-free weakness in Network), each earning the reporting researchers a $43,000 reward. Three other critical security defects were also reported by external researchers: CVE-2026-9874 (use-after-free in Dawn), CVE-2026-9875 (out-of-bounds read in WebGL), and CVE-2026-9876 (use-after-free in WebGL). Most of the critical-severity vulnerabilities patched with the latest Chrome update are use-after-free bugs. 
This type of memory safety issue could allow attackers to achieve remote code execution, escape Chrome’s sandbox, and potentially compromise the entire system. The Chrome refresh also addresses 123 high-severity weaknesses and six medium-severity defects. Use-after-free bugs dominate the list, followed by insufficient validation of untrusted input and out-of-bounds issues. The internet giant says it has paid over $130,000 in bug bounty rewards for 10 security flaws reported by external researchers. The final amount could be much higher, as Google has yet to disclose the amounts paid for several other vulnerabilities. Most of the security weaknesses resolved with the latest browser update were discovered by Google itself, a common occurrence in recent Chrome refreshes. Starting in late March, the number of vulnerabilities resolved with each update has increased significantly, with over 350 issues addressed in Chrome 148 alone, this update included. With most of the flaws marked as “reported by Google”, the surge in vulnerability discoveries is likely driven by AI use, which also led the company to lower Chrome bug bounties last month. The latest Chrome iteration is now rolling out as versions 148.0.7778.216\u002F217 for Windows, versions 148.0.7778.215\u002F216 for macOS, and version 148.0.7778.215 for Linux. Written by Ionut Arghire, an international correspondent for SecurityWeek.
","https:\u002F\u002Fwww.securityweek.com\u002Fchrome-148-update-patches-151-vulnerabilities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F04\u002FChrome-Zero-Day-exploits.jpg","2026-05-29T10:17:23+00:00","2026-05-29T12:00:09.162379+00:00",9,[18,21,24,27],{"name":19,"type":20},"Chrome 148","product",{"name":22,"type":23},"Google","vendor",{"name":25,"type":26},"WebGL","technology",{"name":28,"type":26},"GPU","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":29,"icon":31,"name":32,"slug":33},null,"Vulnerabilities","vulnerabilities",[35,40,42],{"category":36},{"id":37,"icon":31,"name":38,"slug":39},"02371804-cf6d-4449-98de-f1a2d4d9b266","Tools","tools",{"category":41},{"id":29,"icon":31,"name":32,"slug":33},{"category":43},{"id":44,"icon":31,"name":45,"slug":46},"d95477d7-eb04-4fad-a2dc-be1428040ce7","Privacy Fines","privacy-fines",[48,52,55,58,61],{"type":49,"value":50,"context":51},"cve","CVE-2026-9872","Out-of-bounds write in GPU component; critical severity; $43,000 bounty",{"type":49,"value":53,"context":54},"CVE-2026-9873","Use-after-free in Network component; critical severity; $43,000 bounty",{"type":49,"value":56,"context":57},"CVE-2026-9874","Use-after-free in Dawn; critical severity",{"type":49,"value":59,"context":60},"CVE-2026-9875","Out-of-bounds read in WebGL; critical severity",{"type":49,"value":62,"context":63},"CVE-2026-9876","Use-after-free in WebGL; critical severity"]