Google Chrome Updates Patch 79 Vulnerabilities, Including 14 Critical Flaws
Key Takeaways
- Google has released a critical security update for its Chrome browser, addressing 79 vulnerabilities.
- Among these, 14 flaws are rated as critical, posing severe risks including arbitrary code execution.
- All Chrome users on Windows, Mac, and Linux are affected and urged to update immediately to stable versions 148.0.7778.167/168.
- The update mitigates risks from common memory corruption issues like Use-after-free and Heap buffer overflow.
Google has deployed a substantial security update for its Chrome browser, addressing 79 distinct vulnerabilities. This crucial release aims to prevent potential exploitation by malicious actors, bolstering the security posture of millions of users worldwide.
A significant concern within this patch is the remediation of 14 critical-rated flaws. Operating Chrome without this update leaves systems vulnerable to severe cyberattacks, highlighting the urgency for immediate action.
The latest stable release brings Chrome to version 148.0.7778.167/168 for Windows and Mac users, while Linux installations will update to 148.0.7778.167. Google is rolling out this patch progressively, but both individual users and enterprise administrators are strongly advised to initiate the update manually to ensure prompt protection.
The extensive nature of this security release underscores the persistent challenge posed by memory corruption bugs. Vulnerabilities such as “Use-after-free” (UAF) and “Heap buffer overflow” are particularly prevalent in complex browser architectures and are frequently targeted by attackers.
In line with its standard security protocols, Google has opted to withhold specific exploit details and proof-of-concept code. This strategic delay provides a vital window for the global user base to install the necessary patches before threat actors can develop and weaponize exploits based on public disclosures.
Despite the temporary nondisclosure of exploit specifics, Google has already compensated independent researchers with substantial bug bounties, indicating the profound severity of the vulnerabilities uncovered.
The most significant reward, totaling $43,000, was awarded to an external researcher identified as c6eed09fc8b174b0f3eebedcceb1e792 for identifying a critical heap buffer overflow within the WebML component.
Critical Chrome Vulnerabilities Patched
Google’s official release notes detail fixes for numerous memory management vulnerabilities that could enable attackers to execute arbitrary code. This typically occurs when a user visits a specially crafted malicious HTML page.
Security intelligence teams should pay close attention to the following breakdown of the most severe vulnerabilities addressed in this update:
| CVE ID | Component | Vulnerability Type | Reporter | Bounty |
|---|---|---|---|---|
| CVE-2026-8509 | WebML | Heap buffer overflow | c6eed09fc8b174b0f3eebedcceb1e792 | $43,000 |
| CVE-2026-8510 | Skia | Integer overflow | [email protected] | $25,000 |
| CVE-2026-8511 | UI | Use after free | N/A | |
| CVE-2026-8512 | FileSystem | Use after free | N/A | |
| CVE-2026-8513 | Input | Use after free | N/A | |
| CVE-2026-8514 | Aura | Use after free | N/A | |
| CVE-2026-8515 | HID | Use after free | N/A | |
| CVE-2026-8516 | DataTransfer | Insufficient validation of untrusted input | N/A | |
| CVE-2026-8517 | WebShare | Object lifecycle issue | N/A | |
| CVE-2026-8518 | Blink | Use after free | N/A | |
| CVE-2026-8519 | ANGLE | Integer overflow | N/A | |
| CVE-2026-8520 | Payments | Race condition | N/A | |
| CVE-2026-8521 | Tab Groups | Use after free | N/A | |
| CVE-2026-8522 | Downloads | Use after free | N/A | |
Browser vulnerabilities are a prime target for threat actors, who leverage them to bypass sandbox protections, exfiltrate sensitive data, and compromise the underlying operating system. Procrastinating on this patch introduces a direct and unacceptable risk to your digital infrastructure.
What You Should Do
- Open your Chrome browser and click the three-dot menu located in the top-right corner.
- Navigate to “Help,” then select “About Google Chrome.”
- Allow the browser to automatically detect, download, and install the latest version (148.0.7778.167/168).
- Click “Relaunch” to apply all security fixes and terminate any active, potentially vulnerable sessions.
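For administrators checking many machines rather than one browser, the following added example (not from Google or the original article) audits an inventory of reported Chrome versions against the fixed build 148.0.7778.167 named above. The inventory format, hostnames and installed versions are constructed for illustration; version components are compared numerically, since a plain string comparison would rank build .96 above .167.

```python
import re

# Fixed builds as stated in the article; .167 is the lowest patched build on every platform.
PATCHED = {"windows": (148, 0, 7778, 167), "mac": (148, 0, 7778, 167), "linux": (148, 0, 7778, 167)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version from text such as `chrome --version` output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(platform, version_text):
    """True if patched, False if older, None if platform or version cannot be determined."""
    floor = PATCHED.get(platform.strip().lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return None
    return version >= floor  # tuple comparison is numeric per component

def audit(inventory_lines):
    """Return {host: status} for 'host,platform,version string' lines (assumed format)."""
    report = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(",", 2)
        if len(parts) != 3:
            report[line] = "unknown"
            continue
        host, platform, version_text = parts
        verdict = is_patched(platform, version_text)
        report[host.strip()] = {True: "patched", False: "VULNERABLE", None: "unknown"}[verdict]
    return report

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = """\
# host,platform,version output
ws-001,windows,Google Chrome 148.0.7778.168
ws-002,windows,Google Chrome 148.0.7778.96
mb-014,mac,Google Chrome 148.0.7778.167
lx-203,linux,Google Chrome 147.0.7700.200
lx-204,linux,Chromium not installed
""".splitlines()

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, because a missing or unparsable version is not evidence that the browser is patched.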