Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical Microsoft Active Directory Zero-Day Actively Exploited
July 15, 2026
Critical BitLocker Vulnerability Lets Attackers Bypass Windows Security
July 15, 2026
Notepad++ Vulnerabilities Enable PowerShell Command Injection
July 15, 2026
Home/CyberSecurity News/Google Chrome 127 Vulnerabilities Patched in Latest Release
CyberSecurity News

Google Chrome 127 Vulnerabilities Patched in Latest Release

Key Takeaways Google has released a critical security update for Chrome, version 148.0.7778.96/97, addressing 127 vulnerabilities. The update includes patches for three Critical-rated flaws and over...

Sarah simpson
Sarah simpson
May 7, 2026 3 Min Read
60 0

Key Takeaways

  • Google has released a critical security update for Chrome, version 148.0.7778.96/97, addressing 127 vulnerabilities.
  • The update includes patches for three Critical-rated flaws and over two dozen High-severity issues affecting Windows, Mac, and Linux users.
  • Vulnerabilities include integer overflows, use-after-free conditions, and out-of-bounds memory access across various Chrome components.
  • Users are strongly advised to update their Chrome browser immediately to mitigate significant security risks.

Extensive Security Update Lands for Google Chrome, Patching 127 Vulnerabilities

Google has rolled out a substantial security update for its Chrome browser, promoting version 148 to the stable channel across Windows, Mac, and Linux platforms. This release, identified as 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac, stands out as one of the most comprehensive security patches in Chrome’s recent history, incorporating a staggering 127 security fixes.

Table Of Content

  • Key Takeaways
  • Extensive Security Update Lands for Google Chrome, Patching 127 Vulnerabilities
  • Critical Vulnerabilities Addressed in Chrome 148
  • High-Severity Flaws and Research Contributions
  • Broader Spectrum of Patched Vulnerabilities
  • What You Should Do

The vulnerabilities addressed span a wide range of severity levels. Among the 127 resolved issues, three are classified as Critical, more than two dozen are rated High, and numerous others fall into the Medium and Low categories.

In recognition of responsible disclosure, Google distributed over $100,000 in bug bounties to external security researchers. A notable individual payout of $55,000 was awarded to a single researcher for reporting a High-severity out-of-bounds read and write flaw within the V8 JavaScript engine.

Critical Vulnerabilities Addressed in Chrome 148

The three Critical-rated vulnerabilities represent the most severe risks. The first, CVE-2026-7896, is an integer overflow flaw discovered in the Blink rendering engine. An external researcher reported this vulnerability on March 18, leading to a $43,000 bounty.

The other two critical issues, CVE-2026-7897 and CVE-2026-7898, are both use-after-free vulnerabilities. One affects the Mobile component, while the other is found in Chromoting (Chrome Remote Desktop). Google’s internal teams reported these on April 18 and April 20, respectively.

Use-after-free vulnerabilities are particularly dangerous due to their potential to enable arbitrary code execution. Attackers can exploit these flaws by manipulating memory regions that have been freed but are still referenced by the program.

High-Severity Flaws and Research Contributions

The High-severity category encompasses a significant number of vulnerabilities impacting various attack surfaces. CVE-2026-7899, an out-of-bounds read and write flaw within Chrome’s V8 JavaScript engine, was reported by Project WhatForLunch (@pjwhatforlunch) and received the highest individual reward of $55,000 for this update.

Additionally, CVE-2026-7900, a heap buffer overflow, and CVE-2026-7901, a use-after-free bug, were identified in ANGLE, the graphics abstraction layer. Each of these earned a $16,000 reward.

Another notable High-severity issue is CVE-2026-7902, an out-of-bounds memory access in V8, reported by JunYoung Park from KAIST Hacking Lab, which garnered an $8,000 bounty. These flaws in V8 and ANGLE pose substantial risks, enabling potential drive-by exploitation through malformed web pages.

Broader Spectrum of Patched Vulnerabilities

Beyond the critical and high-severity issues, Chrome 148 addresses a multitude of use-after-free vulnerabilities impacting components such as SVG, DOM, Fullscreen, GPU, WebRTC, Skia, Passwords, ServiceWorker, PresentationAPI, and WebAudio, among others.

Medium-severity findings in this release include CVE-2026-7936, an object lifecycle issue in V8, CVE-2026-7988, a type confusion in WebRTC, and instances of insufficient policy enforcement across DevTools, Extensions, and DirectSockets.

Even a Low-severity flaw, CVE-2026-8022, an inappropriate implementation in MHTML, is significant. This vulnerability could allow a remote attacker to exfiltrate cross-origin data if a user is manipulated into performing specific UI gestures on a specially crafted MHTML page.

Google extended credit to dozens of independent researchers and organizations, including KAIST Hacking Lab, Tencent Security Xuanwu Lab, National Yang Ming Chiao Tung University’s Security and Systems Lab, and Theori, for their contributions.

According to Chrome’s official advisory, many of these bugs were identified through Google’s extensive proactive security testing infrastructure, utilizing automated fuzzing and sanitizer tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, libFuzzer, and AFL.

The next stable release, Chrome 149, is anticipated on June 2, 2026.

What You Should Do

  • Update Immediately: All users on Windows, Mac, and Linux should update their Chrome browser to version 148.0.7778.96/97 without delay to apply these crucial security fixes.
  • Verify Version: To update, navigate to Settings → Help → About Google Chrome. The browser will automatically check for and install the latest version.
  • Restart Browser: Ensure you restart Chrome after the update to finalize the installation of the patches.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurity

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

Salat Malware Employs QUIC and WebSocket for Covert Remote Control

Next Post

Massive DDoS Attack Evaded Rate Limits with 1.2M IPs

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Flaw: OAuth Client ID Spoofing Exposes 2 Million Entra ID Users
July 14, 2026
Critical Claude for Chrome Flaw Exposes Gmail, Docs, Calendar Data
July 14, 2026
Critical Vulnerability in AsyncAPI npm Packages Exposes Users to Attack
July 14, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us